Yesterday Google announced a security breach that may have exposed data of over 500,000 users of its Google+ social network.
Security experts and privacy advocated criticized the company because it did not disclose the flaw in the Google+ when it first discovered the issue in March because it feared regulatory scrutiny and reputational damage.
.Now the company in order to prevent potential leakage of sensitive data to third-party app developers implemented significant changes to give users a granular control over the data they allow to share with each app.
Google has updated its Account Permissions system in order to allow users to grant individual permission rather than grant a full set of permissions at once.
The company introduced several changes as a result of the work of its internal group Project Strobe, an internal task force charged of conducting a companywide audit of the company’s APIs in recent months.
The team reviewed the third-party developers access to Google account and Android device data, the IT giant has changed the way permissions are approved for Android apps to prevent the abuse and potential leakage of sensitive call and text log data by third-party developers.
While the apps are only supposed to request permission those are required for functioning properly, any Android app can ask permission to access your phone and SMS data unnecessarily.
The new rule is part of the Google Play Developer Policy and aims to prevent the abuse of Call Log and SMS permission usage to your “default” phone or SMS apps only.
“Some Android apps ask for permission to access a user’s phone (including call logs) and SMS data. Going forward, Google Play will limit which apps are allowed to ask for these permissions.” reads a blog post published by Google on the Project Strobe.
“Only an app that you’ve selected as your default app for making calls or text messages will be able to make these requests. (There are some exceptions—e.g., voicemail and backup apps.),”
Google has also limited access to Gmail API only for apps expressly developed to improve/implement email features, including email clients and email backup services.
The measure aims at limiting APIs access to data from your Gmail email account.
What will happen from today?
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.