Google will let users decide what information they want to share with external developers
Less than a day ago Google announced its decision to shut down Google+ because of a massive data leak (something that does not surprise anyone). Continuing with the security measures to mitigate the risks generated by this incident, Google has made several significant changes for users to have more control over the data they share with the applications they use.
According to experts in digital forensics from the International Institute of Cyber security, these changes are part of a complete review project on the access that external developers have to Google accounts and Android device data of the users.
Restriction of access to data of calls and SMS
Google announced some novelties in the form of approval of the permissions for the applications of Android, waiting with this to avoid the abuse and the possible leaking of confidential data of calls and SMS on the part of external developers.
While apps are supposed to only ask for the permissions needed to work properly, any Android application requests access to your phone and SMS data without this being truly necessary for its operation.
To protect users against this possible surveillance, Google has finally included a new rule in its Google Play developer policy that now limits the use of call and message data access permissions to default applications, as reported by specialists in digital forensics.
Restricted Gmail API
Because APIs can allow developers to access sensitive information from Gmail accounts, Google has decided to limit access to the Gmail API only for apps that directly improve email functionality, such as inbox backup services.
New privacy interface for third-party application permissions
When third-party apps ask users to approve their permissions, they often pass all permissions with a single click, leaving an opportunity for malicious apps developers to go into action. Now, with the update of the Google services approval system, users will have to approve the permissions requested by the applications one at a time, so they decide which ones to approve and which not.
While this policy update is effective this week, developers have been given a deadline of 90 days (ends January 6) to update their applications and services. After that, the updated developer policy will be applied automatically, according to specialists in digital forensics.
In addition to these changes Google will announce in the upcoming hours its new line of mobile devices.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.
