In short: Google is limiting some Android app permissions following a privacy gaffe that saw the company potentially compromise up to half a million Google+ users, decide against publicizing the issue for seven months, then disclose it together with the announcement that it's shutting down the consumer version of its struggling social media network earlier today. Moving forward, only default dialer and SMS apps — as well as designated Google Assistant handlers — will be able to access one's call logs and SMS data, with only a few exceptions such as backup tools, VoIP services, smartwatch companion apps, and voicemail solutions being allowed to do the same. The Google Play Developer Policy Center has now been updated to reflect all of the changes to user data and permission handling policies for app creators announced on Monday. Access to contact interaction data enabled by the Android Contacts API will also be universally revoked in a matter of months, Google said.
Background: The new developer policy changes come as a privacy debacle stemming from a range of Google+ APIs became the final nail in the coffin of the largely abandoned social network. Combined with low usage, Alphabet's subsidiary concluded the consumer side of Google+ is not worth maintaining any longer. The company's attempt to preemptively combat data leaks by limiting third-party access to some information is also unlikely to be a universally praised move; Facebook did the exact same thing following its Cambridge Analytica scandal earlier this year and ended up being criticized by some industry veterans. In a March interview with AndroidHeadlines, Jedidiah Yueh, founder of secure data management company Delphix, said it's “too late” for improving user privacy with absolute restrictions, claiming Facebook should instead be doing more to protect, anonymize, or, if testing is the main goal, even fake data instead of outright denying it. Given the similarities in Google and Facebook's responses, the same criticism appears to apply in the Google+ case as well.
Impact: The days of activating a messaging app such as Viber by having it read the activation code you received via SMS on your Android device are now over, with Google deeming those and similar use cases too large of a security risk. Whether this philosophy of limiting third-party data access extends to more apps remains to be seen but given the amount of scrutiny Google is currently facing all over the world due to its