The Google+ bug that eventually led to the demise of the service altogether for consumers, has forced the tech giant to take necessary steps to tighten the reins on what data is shared with third-party apps. Google has refined developer program policies to include ceiling limits on which Android apps can access SMS permissions and call logs, and is also removing user information available on Contacts Provider. Furthermore, Google is also providing more granular control over third-party app permissions for Google accounts, so that users can choose what data to share and what not to, and limiting access to Gmail consumer data as well.
More granular Google account controls mean users can decide what account data they choose to share with each app. Instead of seeing all requested permissions in a single screen, apps will have to show you each requested permission, one at a time, within its own dialogue box. “For example, if a developer requests access to both calendar entries and Drive documents, you will be able to choose to share one but not the other,” Google explains on its blog. These changes will begin to roll out to new clients starting this month and will get extended to existing clients at the beginning of 2019.
Furthermore, Google is limiting access to consumer Gmail data, and has updated the user data policy to reflect the change. Only apps directly enhancing email functionality will be authorised to access this data. These include email clients, email backup services and productivity services like CRM and mail merge services. Moreover, these apps will need to agree to new rules on handling Gmail data and will be subject to security assessments as well.
Furthermore, Google is also limiting access for Android apps that want call (Phone) and SMS data. It will only let those apps access SMS and call data that the user has selected as default for making calls or text messages. This app will also first need to request for permission. (There are some exceptions-e.g., voicemail and backup apps.). Google is also removing access to contact interaction data from the Android Contacts API within the next few months, and is rolling out additional controls and update policies across more of their APIs. For developers, the updated user data policy can be read here.