Google has announced this week plans to crack down on Android apps that abuse the OS permissions system and request access to user geo-location data when the app is not in use.
Starting with May, the OS maker plans to show warnings in the Play Store backend to all Android app developers about the need to update their apps.
Going forward, Android apps will have to request access to location data based on the way they need this information.
Google plans to review each app on a case-by-case basis and remove apps from the Play Store if they request access to location data and that’s not immediately used inside the app.
Google plans to review its own apps as well, the company said in a blog post this week.
Crackdown on background location data harvesters
The goal of this major rule change is to crack down on apps that may be secretly harvesting location data while they are not in use. This type of data is called “background location data” and most app makers often sell it to analytics firms and online advertisers.
Starting with August 3, Google plans to analyze any new app submission to the Play Store and check if the app is requesting access to background location data, and if the app actually needs this to work.
This review process will be extended to all app updates on November 3, time until which app makers have to update their apps and remove any non-compliant code that gobbles up location data without using it, and especially location data while the app is not in use.
Google said that apps that send emergency or safety alerts, tracker apps, some weather apps, and some social media apps, will be allowed to access location data, even in the OS background, since the feature is clearly needed for core functions.
On the other hand, many apps will most likely have a problem passing Google’s upcoming reviews, especially those that made it a habit of accessing this data because there was nothing stopping them.
Google updates Android location permission prompt, again
Google has been aware of this mass location data harvesting problem for a while. This is one of the reasons why Google decided to split each permission request to its own prompt a few years back.
However, as time went by, Google engineers also realized that this didn’t solve the problem. Under the guise of a location-centric feature, apps would often coerce users into granting them this permission, which they then proceeded to abuse continuously after that.
Last year, with Android 10, Google added a new custom permission prompt that let users allow an app access to location data “at all times” or “while the app was in use.”
This helped weed out some of the abusing apps, but Google plans to update this permission prompt further, and make it more strict with the release of Android 11 this fall.
Google says it will remove the “at all times” option and replace it with one that says “only this time.”
The new permission prompt will result in a wave of permission popup spam, but it will also allow users to prevent apps from accessing location data more than they need to.
For example, you’ll be able to prevent an app like Instagram from accessing location data, but allow it one-time access while you geo-tag a photo on rare ocassions.