You don’t have to worry about a shady Android app will steal contacts or share your whereabouts constantly for longer periods of time. Google provides features and policies that limit how apps request contact and location data.
All Play Store apps are targeted Android 17 and if they later want access to invite users, share content, or manage one-time requests, they’ll need to use the new Google contact picker. The new frontend lets you select specific people, so you don’t feel pressured to share more details than you want to. If the app requires always-on access, the developer will need to submit a Play Store declaration justifying the always-on request.
Apps built for Android 17 will also have to use the new location button when requesting precise location information at once. The move is to simplify location requests and discourage app makers from asking for more location information than they need. Developers will need to make a Play Store declaration if they need active, accurate location information at all times. Apps that only need coarse data, such as some weather apps, will not require special permissions.
Starting October 27, Google will begin flagging contacts and location permission issues before app reviews. Google says that the forms for filing the declarations will be available “before October”.
Permission abuse is a real problem
Many apps have practical reasons for accessing your contacts and location. A social media service like Threads or TikTok might ask for your contact list when you want to invite friends, and a camera app might need your location when you share the location of a photo.
However, it’s still common for apps to ask for permission for this data when the usage isn’t clear or necessary. Your browser may, for example, ask to sync contacts without a full explanation. While many of these uses are relatively innocent, there are also rogue apps that can abuse contacts and location to spam your friends or friends. i follow you.
New requirements in Android 17 potentially limit this abuse. Developers will ideally be more economical with connection and location requests and think carefully before requesting persistent access. This won’t prevent apps from outside the Play Store from abusing data, but it can improve privacy if you stick to Google’s official store.
The move can also reduce your exposure to data breaches. While Google can’t control app data on third-party servers, the new policies should minimize damage in the event of an intrusion. Hackers may only get a few views of your location instead of a full record. This, in turn, can reduce risks identity theft or targeted scams.
Source: Android Developers
