Google's updated Play Store policy ensures Paytm, Swiggy, Jio, other apps can't ask for access to call logs, SMSes

Google is tightening control around all its products and services in the wake of the Google+ security breach that led to its shutdown.

Following a massive security breach at Google+, Google’s just-shuttered social networking platform, the tech giant has announced a change in Play Store policies to arrest the leak of sensitive user data.

Starting today, all Play Store apps that seek access to call logs and SMS data from users need to be the default phone, SMS, or Assistant app on their devices. Until now, several apps compelled users to grant access to such data. If a user denied permissions, the app would restrict usage.

In India, popular payments apps like Mobikwik, Paytm, ticketing apps like BookMyShow, GoIbibo, MakeMyTrip, entertainment and OTT apps like JioTV, SonyLIV, food delivery apps like Swiggy, Zomato, shopping apps like Amazon, Paytm Mall, and several others fall under this category.  

Google wrote on its official Android Developers Blog,

“Going forward, Google Play will limit which apps are allowed to ask for these permissions. Only an app that has been selected as a user's default app for making calls or text messages will be able to access call logs and SMS, respectively.” 

Essentially, Google doesn’t want apps whose “core functionality” is not calling, messaging or voice to have access to user call logs and SMSes. It has given app developers a period of 90 days to comply with the updated policy.

“We'll be working with our developer partners to give them appropriate time to adjust and update their apps, and will begin enforcement 90 days from this policy update,” Google stated.

Google also revealed it is open to exceptions, and will collaborate with developers whose apps require call log or SMS information for “core app functionality”. These include caller ID services like Truecaller, SMS management apps like Textra, call recording apps, and so on. 

Developers who do not comply with the policy by January 6, 2019, will not be allowed to publish their apps on Play Store. They could, however, continue asking for call log and SMS access on the Amazon Appstore, and in the overall Android ecosystem.

In the wake of the Google+ data breach, the search giant intends to tighten security around all its consumer products.

Paul Bankhead, Director, Product Management, Google Play, said,

“In the coming months, we'll be rolling out additional controls and policies across our various products and platforms, and will continue to work with you, our developers, to help with the transition. The trust of our users is critical and together we'll continue to build a safe and secure Android ecosystem.”

India has one of the largest Android user bases in the world. It would be interesting to see how top consumer apps and services in the country go about complying with the updated policies, and if this would have any impact on app usage.