Keeping your personal data safe and secure is vital to the success of Android. If the platform gets a reputation for revealing sensitive data to other apps then it will make people feel wary about getting an Android phone. This was the point of the permissions system and Google has refined it over the years into the granular option we have today. Late last year, Google announced that they would be restricting which applications on the Play Store had access to the call log and SMS permissions. These are integral to the way certain apps work and Google decided not to give the user the choice to deny or allow access.

At the time, the company said they were giving developers 90 days to update their apps or they would get removed from the Play Store for violating the new policy. The change is unique because even applications that are allowed to stay will only have access to this data if they are set as one of Android's "default apps." Since this new policy will only allow default handlers of phone and SMS to have access to this data (with few exceptions), it put a lot of miscellaneous apps that used these permissions for their functionality on the chopping block. This included applications such as Cerberus, ACR Call Recorder, and Tasker.

Thankfully, Tasker was able to successfully appeal the new policy change as the policy was updated to exempt automation apps, but that hasn't been the case for other apps that use this type of data. For example, Cerberus has a feature that allows for "SMS commands to recover a lost/stolen phone which is not connected to the internet." Phone call recorder apps such as ACR Call Recorder use the call log permission so that they know which phone number to attach to which recording. However, with this new policy change, these features will no longer be possible since the apps will not be allowed to have access to call log or SMS permissions.

This week Google published a new article on the matter as a reminder to developers that could be impacted by this change. The post reminds them that the company will begin to remove apps that have not updated their functionality (or successfully appealed it) in the next few weeks. Developers affected by this change will have the following two options:

  • Submit a new version without these permissions.
  • Submit a new version of your app that retains the permissions. Doing so will require you to complete a permissions declaration form inside the Play Console (coming soon) and will give you an extension until March 9th to remove the permissions or receive approval for your use case.

Source: Android Developers Blog