Security and privacy on the open-source Android have been two of the major concerns since the OS first became a mass product and overtook Apple in the number of users.
With the introduction of Android Q Beta 1 and Beta 2 updates, Google is laying the framework for a more secure Android experience for end users as well as some significant changes for developers.
“Developer-centric approach and openness have been cornerstones of Android’s philosophy from the beginning. These are not changing,” Google stated.
“Users want more control and transparency over how their personal information is being used by applications, and expect Android, as the platform, to do more to provide that control and transparency.  This responsibility to users is something we have always taken seriously, and that’s why we are taking a comprehensive look at how our platform and policies reflect that commitment.”
To upgrade the security on Android OS, the company is making changes to its developer policies — limiting or changing their capabilities to access user data.
While the permissions required by a particular app have been transparent for quite some time on Google Play Store, the company has rolled out a fresh set of instructions for ‘Android runtime permissions’, which keeps user privacy at the forefront.
In 2018, Google made changes to the SMS and Call Log permissions on Android, as part of Project Strobe, and made the availability of this data restricted. For example, an app would only be able to read SMSes if the user is using it as their default text message app.
By doing this, Google has made some app features redundant and reduced accessibility, but at the same time, they’ve decreased the number of apps that have access to sensitive user information by more than 98%.
“To better protect sensitive user data available through these permissions, we restricted access to select use cases. . We understood that some app features using this data would no longer be allowed — including features that many users found valuable — and worked with you [developers] on alternatives where possible.”
Also read: What is EULA? Why is it used?
What has changed for Developers?
As Google tries to improve user privacy on Android, it creates extra work for developers, and to make things better for Devs, the company is implementing a few changes based on feedback.
According to Google, developers had the following issues:
- Developers showed concern filling the ‘Permission declaration form’ as several case description in the permissions weren’t clear, which made them hard to complete correctly.
- Another issue pointed out was that of ‘Timeliness in review and appeals process’; developers complained of long waiting time for getting answers from Google about whether their app met the requirements to get published on the Play Store as well as the time it took to appeal against a decision by the company.
- The lack of human involvement in the process also frustrated some of the developers, who felt that all of the decisions and responses were automated and it was hard to reach a person employed by Google to discuss things.
To make life better for developers, Google is implementing the following things:
- The company is amending the emails that are sent for rejections and appeals to reflect more details that will include ‘why a decision was made, how you can modify your app to comply, and how to appeal’.
- The appeal process is being improved. Developers will receive appeal instructions as well as the appeal form with details in enforcement emails.
- The company claims that humans and not bots are already performing the review process, but they will improve on their correspondence so that the responses feel more personalised. Google is also adding more people to its review team to accelerate the process.
For first-time developers
For developers who don’t have a track record with Android, the company will be taking additional time (several days) to review apps. This will be done to ensure that no policy violation is done, especially where user data is concerned.
“This will allow us to do more thorough checks before approving apps to go live in the store and will help us make even fewer inaccurate decisions on developer accounts.”
Google is also making it easier for developers to file an appeal in case their account has been suspended and they feel it was an error.
Also read: Stable vs Beta vs Dev vs Canary builds of Chromium-based projects