Google is changing its app review process to address developer complaints. Here's what you need to know about it.
Android apps are no longer able to use SMS and Call Log permissions unless that constitutes a "core functionality" of the app, following changes to Google's policies for Android developers that went into effect in October 2018. When this was announced, developers were given 90 days to bring their apps into compliance with the policy, with noncompliant apps facing delisting from the Google Play Store.
However, trying to claw back permissions formerly granted to Android apps has prompted a great deal of dismay from Android developers, and users of apps that have had features reliant on those permissions stripped out. On Monday, Google announced changes to the review process to address complaints about the policy change and enforcement practices. Here's five key takeaways about the permissions controversy.
1. Why SMS and Call Log permissions are being restricted
Google announced an overhaul of how personal data can be used in October 2018, including how third-party access to personal data through APIs is made available, under the "Project Strobe" banner. This announcement was made alongside plans to shut down Google+ due to the discovery of an API bug allowing improper access to data.
SEE: How to build a successful developer career (free PDF) (TechRepublic)
At the time, Google stated that "Some Android apps ask for permission to access a user's phone (including call logs) and SMS data. Going forward, Google Play will limit which apps are allowed to ask for these permissions. Only an app that you've selected as your default app for making calls or text messages will be able to make these requests. (There are some exceptions—e.g., voicemail and backup apps.)"
Though Google notes that "we have always required developers to limit permission requests to only what is needed for their app to function and to be clear with users about what data they access," permissions in Android were too sweeping, allowing excessive access to developers. Google suggested alternative APIs granting more granular access, allowing developers to reimplement features.
2. Restricting permissions breaks functionality in popular apps
The sudden restriction of these permissions caused considerable consternation for developers, as Google's ability to communicate what was and was not permitted were often obtuse, or "unclear and hard to complete correctly," the company claimed.
Independent developers turned to community boards such as Google's Issue Tracker and Reddit to voice their complaints, with the creator of EasyJoin Pro—an app that allows SMS messages and calls to be sent from remote devices, a feature restricted specifically to the Pro version—told by Google that "the declared feature is allowed, however we determined it to be unnecessary for the core functionality of your app." Likewise, the developer of ACR Call Recorder was denied access to permissions that enable recording phone calls, and the developer of automation app Tasker was set to lose similar functionality, though their appeal resulted in "task automation" being added as a valid exception.
3. Google is pledging to be more timely and human
Google acknowledged feedback, indicating that "it took too long to get answers on whether apps met policy requirements," and "the process for appealing a decision was too long and cumbersome." The company also acknowledged "the impression that our decisions were automated, without human involvement," and that it was "hard to reach a person who could help provide details about our policy decisions and about new use cases proposed by developers."
To address these concerns, Google pledged to review and improve the appeals process, "include appeal instructions in all enforcement emails," and added that "the appeal form with details can also be found in our Help Center." Google also claimed that "Humans, not bots, already review every sensitive decision but we are improving our communication so responses are more personalized — and we are expanding our team to help accelerate the appeals process."
4. New developers will face more scrutiny when submitting apps
Google is taking aim at developers who create new accounts after receiving bans, affecting new developers. Google noted in the Monday announcement that "we will soon be taking more time (days, not weeks) to review apps by developers that don't yet have a track record with us. This will allow us to do more thorough checks before approving apps to go live in the store and will help us make even fewer inaccurate decisions on developer accounts."
SEE: 10 ways to prevent developer burnout (free PDF) (TechRepublic)
Frequently, developers creating apps that display excessive advertising, or load adverts that are not displayed, are a growing problem, with the total number of apps engaging in fraudulent ad impressions increasing by 159% from 2017 to 2018, according to DoubleVerify.
5. Android Q is bringing more changes to developers
Android Q will also bring the headache of dealing with "scoped storage" to developers, prompting complaints on Google's Issue Tracker. Scoped Storage prevents the use of existing API calls for read or write external storage. Effectively, attempts to use the old method fail silently, with no filesystem visibility exposed to apps when the APIs are used.
While it will still be possible to access music, video, and images, this change effectively breaks file manager or FTP apps.
- 5G smartphones: A cheat sheet (TechRepublic)
- IT pro's guide to the evolution and impact of 5G technology (TechRepublic download)
- BYOD (bring your own device) policy (Tech Pro Research)
- The 10 best smartphones you can buy right now (ZDNet)
- Best mobile VPN services for 2019 (CNET)
- The 10 most important iPhone apps of all time (Download.com)
- Smart phones and mobile tech: More must-read coverage (TechRepublic on Flipboard)