Google’s New Policies Limit Third-Party App Access to User Data
Seems like Google is determined to make it all hard for those many people who rely on customers’ data extracted by mobile apps; the internet giant has reportedly decided to limit the extent to which third-party apps can access user data.
This decision by Google would affect startups, e-commerce companies and many financial technology platforms that rely on such data for working out their businesses. This move will ban mobile apps from accessing users’ call logs and texts, thereby putting an end to the freedom that many app developers had been enjoying.
Experts believe that such a move would have a direct and big impact on many lending and financial services companies, especially because such companies depend greatly on such data that the app developers pass on to them, to determine customers’ credit scores and such other things. E-commerce companies depend on such data to build customer profiles and plan their marketing moves.
Many startups that have come up in the recent months were already eyeing the data pertaining to millions of users they were likely to get from such third-party apps. Such data, which throws light on consumer behavior and smartphone usage/internet usage pattern, is of great help to such startup companies. They can plan the manufacturing of better products and also plan better marketing for their existing products. But this decision would definitely deal a great blow to all such plans of theirs.
Experts believe that it’s not just start-ups that are going to get affected. This move by Google, according to trade analysts and experts, would affect big players as well.
The Google API Services: User Data Policy, last updated on October 8, 2018, says, “If you wish to access Google user data you must provide Google users and Google with clear and accurate information regarding your use of Google API Services.”
In a detailed blog post, Adam Dawes, Senior Product Manager at Google writes, “Google offers a wide variety of APIs that third-party app developers can use to build features for Google users. Granting access to this data is an important decision. Going forward, consumers will get more fine-grained control over what account data they choose to share with each app…Over the next few months, we’ll start rolling out an improvement to our API infrastructure. We will show each permission that an app requests one at a time, within its own dialog, instead of presenting all permissions in a single dialog*. Users will have the ability to grant or deny permissions individually.”
The Google Data Policy also explains that users need to be given accurate information regarding who is requesting user data, what data is being requested and why Google user data is being requested. Google demands that all developers should be transparent about the data they access and that they should have privacy disclosures which are clear and prominent. The privacy policies and all in-product privacy notifications should be “accurate, comprehensive, and easily accessible”. The developers should also ensure that the disclosures that they make about data use are prominent and timely.
The Data Policy also states that developers shouldn’t request access to information that they don’t need and that they should request permissions in context wherever possible. It also prohibits the deceptive or unauthorized use of Google API Services, and states, “You are strictly prohibited from engaging in any activity that may deceive users or Google about your use of Google API Services.”
Google clarifies that only Android apps selected by users as ‘default apps’ for calls and texting would be able to request access to such data. Limited exceptions may be granted to apps that provide compelling or critical features when there are no alternative methods to provide those features.
Experts who point out that these developments could affect many enterprises also say that it’s not just the policies that matter, it’s how these policies are implemented that matters.
Julia Sowells410 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.