The Google Play Store on your phone has gone through a lot of changes in the last year, some of which have made certain features harder to find while pushing others to the forefront. Don’t go hunting for the app permission section of a listing, though. It’s not hiding — Google has removed it. Instead, the Play Store will rely on developers to truthfully explain an app’s privacy and security practices.
It might be hard to believe at this point, but there was a time when we were just expected to install apps without knowing what data they would access. It wasn’t until Android 6.0 Marshmallow that Google gave us the option to allow and deny individual permissions, following a similar move by Apple. Even before that, the Play Store would show the permissions of apps so you could decide if it was worth downloading them. That’s no longer the case — the Play Store has stopped showing a full list of permissions included in an app.
Starting this month, Google is requiring developers to fill in the new Data Safety report. This is a replacement for the traditional list of app permissions. The deadline for providing this info is July 20th, says Ars Technica, but it’s up to devs to ensure it’s accurate. Not only does this include the types of data collected, but it also allows devs to discuss what they do or don’t do with that data.
While you can still deny sensitive permissions as they are requested, the Data Safety report would be extremely easy to game. All a developer has to do is lie about what data the app collects or what is done with it, and users may never know. Would Google even know? The company says it will take action if it finds the developer-provided descriptions to be inaccurate, but it’s unclear how tough Google will be in policing accuracy.
On the other hand, simply looking at a list of app permissions doesn’t tell you as much as it used to. In the past, apps that wanted to follow you around or monetize your personal data had to request powerful permissions like access to file management, location, and contacts. Today, there a plethora of trackers and device IDs that can do many of the same things, and a greater threat is what a developer chooses to do with your data after they have it. And just because an app in 2022 has a location permission doesn’t mean it’s ever going to request your location.
With the launch of the Data Safety section on Google Play, which will be mandatory for all apps in 1 week, it seems the app permissions list is going away in both the mobile app and the web.
— Mishaal Rahman (@MishaalRahman) July 13, 2022
The Data Safety section should provide more insight into this behavior, but only if developers are honest. Those who set out to defraud and scam will almost certainly lie in the Data Safety box. If you’re particularly worried, you can always look at the permission list after installing an app. There is also a third-party alternative to the Play Store called Aurora that does still show a full list of permissions before download.