Last week, I needed to create an application that used an API of Google. My process was pretty well known, and it went well. But after about two days, Google contacted me, asking for clarification about what the application is doing.
In addition to the full recording of the features, I had to submit a video that showed exactly each step. The fact was very strange as I did not meet it all the years I use the API of the company.
Let me remind you that I experienced something similar with a Facebook app: App on Facebook tried to do last?
Then they broke yesterday's news: Google + close service and data leaks So the following news is probably a natural consequence…
Google announced yesterday that it is planning to improve the privacy settings of Android users, Gmail and other services and applications that use data from Google accounts.
The company published yesterday the findings of an internal project called Strobe. The company used the project to analyze how third-party application developers interact with Google accounts, Android device data, and whether these interactions affect user privacy.
Google, as we said yesterday, has decided to close Google+, the company's social network, and make some other changes to enhance user privacy by limiting developers or changing existing APIs.
Some Android applications and services require additional permissions after they are installed or when a Google Account is linked to the application. They can request access to the calendar, contacts, or access to files hosted on Google Drive.
These requests are displayed at the same time, and so it is difficult for users to allow or block access. Many times they can not give these applications or services just certain rights. It is a whole or nothing approach.
Google plans to change license requests by issuing individual license requests to users. Thus they will be able to grant or reject requests individually.
The above screenshot shows the new process. It starts by choosing the Google Account you want to use for signing in, just as it is today. The process continues by displaying each request on its own screen giving users the option to refuse or allow data sharing operations. Finally, a screen showing all requests and permissions is displayed.
New policies for Gmail APIs will come into force on 9 January 2019. Google plans to restrict applications using the Gmail API and access Gmail data.
Only applications that directly improve email functionality such as email clients, email backup services, and productivity services (such as CRM and mail merge services) will only be authorized to access.
Google reports the following types of applications that will allow the use of APIs by Google Developers:
- Email Clients.
- E-mail backup applications
- Productivity enhancing applications.
- Report or track services and applications.
Applications that will continue to have access to the data should be reviewed by Google technicians. If you are a developer you can read this article on the Google Cloud blog for more information.
Applications will only be allowed to use the data for "functions required by users" and "will not be allowed to transfer or sell data for other purposes such as ad targeting, market research, email tracking and other non-related purposes".
The final changes will also affect apps requesting access rights to SMS, contact data, or general permissions on Android devices.
Only the application set as the default application for making or sending SMS will be allowed to access the data according to Google's new regulations.
There are, of course, some exceptions to this, e.g. for backup applications or for voice mail applications.
Google is reported to limit the access of third-party applications to user data, a much-delayed step. It remains to be seen how it will work in practice and of course that developers will accept it.
Here we should mention that Google restricts access to third-party applications, but the same data is constantly gathered on the company's servers. If you forgot to remind it that Google dominates the field of online advertising. So the above news can be encouraging for the end user, but basically we should all know that there can be no security and privacy as long as our data is stored on the internet.