3
Google will change the way its Play Store works to give developers more context about how their apps are used. But this is also done at the expense of a certain transparency.
Google takes a strange step backwards on the protection of personal data. From July 20, the information displayed on the Play Store for each application will no longer be as complete as before, or at least may not be as complete as before. As Ars Technica noticed, a change gradually implemented since last April will stop automatically listing the permissions required by each application that you are likely to download.
Google relies on good faith
Until now, each application listed on the Play Store was automatically scanned by Google to establish the list of authorizations necessary for its operation (geolocation, access to files, SMS, etc.). The list of permissions requested by the app was then listed on its file. From July 20, Google will completely switch to a system based on the good faith of the development teams. Each developer will fill in the list of permissions by hand, briefly explaining why this permission is requested.
This change in method is intended, according to Google, “Help users understand what data is collected or shared by your app, and outline your app’s key security and privacy practices.“The automatic list generated by Google was indeed not necessarily very clear since it did not give any context specifying why an application could request certain authorizations. On this, the development teams will be able to be more exhaustive.
The new layout of permissions on the Play Store — ©Google
But the automatic scanning method had the advantage of being perfectly transparent. If an app’s configuration file indicated that it needed geolocation access, that permission was automatically listed. From now on, this will be done on a declarative model. The risk that a developer “forgets” to list an authorization is therefore not zero, even if Google obviously specifies that, if such practices are noticed, the company may “be required to take appropriate measures, including sanctions.“
No Secret Data Mining
Let’s be very clear on one point: this does not mean that an application will be able to access your GPS location or your text messages without asking you. Once the software is installed, it will still need to ask you before accessing your personal data, just like before. This simply means that the presentation cards on the Play Store will no longer necessarily be as transparent as before, when a robot took care of listing all the authorizations potentially required. It will now be necessary to have confidence in the description provided by the creators and creators of applications.
The Play Store will continue to scan apps for required permissions, but will no longer display them to users. In doing so, the Play Store is getting closer to the iOS App Store, which also relies on the good faith of the development teams for its “privacy labels”. A solution combining automatic detection and human contextualization would have been preferable given Google’s reputation for Play Store security.