Throw the baby out with the bathwater?


You have probably heard the idiomatic expression "Don't throw the baby out with the bathwater". Today, with the most recent innovation from Google, this phrase has become more relevant than ever before.

So, I received this message today and was stunned as soon as I read it: In short: if your application uses READ_CALL_LOG, WRITE_CALL_LOG, PROCESS_OUTGOING_CALLS, READ_SMS, SEND_SMS, WRITE_SMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, or RECEIVE_MMS and is not the default app for SMS and calls, it won't be able to use these permissions.

There is also this part of the message I don't quite understand: migrate to an alternative implementation (e.g., SMS Retriever API for most cases of OTP verification). Is there a way to access SMS data without requesting those permissions? If there is, I know nothing about it.

And here is why I'm so worried: our company has been using an Android app to send instructions to our employees via SMS. And now, since that is no longer allowed, how can we make the application retrieve SMS data associated with a specific phone number?

Hello Google Play Developer,

In October, we announced updates to our Permissions policy that will limit which apps are allowed to request Call Log and SMS permissions. This policy will impact one or more of your apps.

Only an app that has been selected as a user's default app for making calls or text messages, or whose core functionality is approved for one of the exception use cases, will be able to request access to Call Log or SMS permissions.

Action required

Below, we've listed apps from your catalog which do not meet the requirements for permission requests. Please remove any disallowed or unused permissions from your app's manifest (specified below), migrate to an alternative implementation (e.g. SMS Retriever API for most cases of OTP verification), or evaluate if your app qualifies for an exception.

Next steps
Read through the Permissions policy and the Play Console Help Center article, which describes intended uses, exceptions, invalid uses, and alternative implementation options for usage of Call Log or SMS permissions.

Update your app or submit a Permissions Declaration Form.

Option 1) If your app does not require access to Call Log or SMS permissions: Make appropriate changes to your app by removing the specified permissions from your app's manifest or migrating to an available alternative implementation by January 9, 2019.

Option 2) If your app is a default handler or you believe your app qualifies for an exception: Please submit a request via the Permissions Declaration Form. You do not need to have implemented APK changes in order to submit a form. Declaration Forms received by January 9, 2019 may be eligible for additional time to make changes to bring their app(s) into compliance. If you have recently submitted a Permissions Declaration Form, we are in the process of reviewing your information and will respond to your application.

Make sure that your app is otherwise compliant with all other Developer Program Policies to prevent your app from being removed.
Alternatively, you can choose to unpublish the app.

Our Developer Program Policies are designed to provide a safe and secure experience for our users while also giving developers the tools they need to succeed. That is why we will remove apps that violate our policies. In cases of repeated or serious violations of our policies, we may also terminate your developer account and any related developer accounts.

We appreciate your willingness to partner with us as we make these improvements to better protect users.

Affected apps

Affected apps and permissions are listed below, up to 20; if you have additional apps, please ensure that they are also compliant with the Permissions policy.

Source

So, what has actually happened?

The changes in Google's permission policy affect all anti-virus apps running on Android 8 and later and make their SMS functionality inaccessible to users. Google now gives the go-ahead only to applications that process SMS information as part of their principal functionality.

And we repeat once again: Doctor Web is not the only party that has been affected by the policy update. Similar components are no longer available in other Android security applications.

Google assured everyone that the applications that really needed the permissions would remain in the software catalogue—if their developers can prove that an exception can be made for their app. And we tried to fight!

Exceptions to Call Log and SMS Default Handler restrictions

The objective of the above restrictions is to protect user privacy. We may grant limited exceptions to the default handler requirement in cases when an app is not the default handler, but abides by all of the above requirements and clearly and transparently provides a highly compelling or critical feature where there is currently no alternative method to provide the feature. Such features will be evaluated against any potential privacy or security impact on users.

Source

Now Android device owners will have more control over their data: they will be able to select which portion of their information will be accessible to applications. Under its Project Strobe initiative, Google updated its permission policy for Google Play software developers: now the call log and SMS permissions are only accessible to the phone and message applications that the user has selected as default call and messaging apps.

Source

Apparently security software is not important anymore. As a result:

Doctor Web is notifying users about Dr.Web Security Space Life’s sudden removal from Google Play.

It has been negotiating with Google for all the application features to remain available to users. However, currently Dr.Web Security Space Life is not available on Google Play.

Source

And Google is not the only company employing restrictions of this kind.

Apple demanded that the developer remove features facilitating control over applications and blocking access in Safari.

In an article on Kaspersky's blog, the company said Apple only objected to its Safe Kids app after the iPhone maker launched Screen Time for iOS 12. The new feature allegedly had functions similar to Kaspersky's parental control program.

Source

All in all, such policy updates are introduced under the pretext that user data must be protected from malicious programs stealing SMS data. But why not allow anti-viruses to do their job? We can't understand the logic behind such decisions.

#Google #Google_Play #Android #SMS #mobile

Dr.Web recommends

Dr.Web never leaves users to face security issues on their own and does its best to keep users protected.

Users of Dr.Web Security Space Life licenses can contact our support service. Provide your license order number and the associated email address in the support query. In response, you will receive the application apk-file. Information about other life license usage options will be made available later.

Source
