Android 17 stops apps from demanding access to all your contacts
You may not have to worry about a questionable Android app stealing contacts or constantly sharing your details for much longer. Google is introducing features and policies that will limit how apps ask for contact and location information.
All Play Store apps targeting Android 17 and above will need to use a new Google Contacts picker if they want access to inviting users, sharing content, or handling one-off requests. The new front-end lets you choose specific people, so you shouldn’t be forced to share more details than you want. If an app requires constant access, the developer will need to submit a Play Store declaration justifying a permanent request.
Apps built for Android 17 will also need to use a new location button when they want timely and precise location data. The move aims to simplify location requests and discourage app creators from requesting more location data than they need. Creators will need to make a declaration on the Play Store if they need accurate, always-available location information. Apps that only need coarse data, like some weather apps, won’t need special permission.
Google will begin reporting contact and location permission issues before reviewing apps starting October 27. The forms for making declarations will be available “before October”, specifies Google.
Permission abuse is a real problem
Many apps have practical reasons to access your contacts and location. A social media service like Threads or TikTok might need your contact list when you want to invite friends, while a camera app might need your location when you share where a photo was taken.
However, it is still common for applications to request permission to access this data when its use is not clear or necessary. For example, your browser may ask for contacts to be synced without a full explanation. While many of these uses are relatively innocent, there are also malicious apps that can abuse contacts and location to spam your friends or stalk you.
New requirements in Android 17 potentially limit this misuse. Developers will ideally be more sparing in contact and location requests, and will think carefully before requiring non-stop access. This won’t stop apps outside the Play Store from misusing data, but it could improve privacy if you stick to Google’s official store.
This move could also reduce your exposure to data breaches. Although Google cannot control app data on third-party servers, the new policies should minimize damage in the event of an intrusion. Hackers might only have a few glimpses of your location rather than a full record. This in turn could reduce the risks of identity theft or targeted scams.
Source: Android Developers
