Android’s game of catch-up with iPhone continues, with Google confirming the frightening scale of threats it is removing in real time. The company took action against more than 2 million “harmful” apps and 150,000 “bad” developers last year. That’s good — but a change it has just quietly confirmed could be even better.
Permission abuse is rife across Play Store, as seen with this week’s warning that even its most popular apps seek “unnecessary permissions, show glaring security weaknesses, and fail to adhere to even basic privacy standards, putting you at considerable risk.”
But just as Google has clamped down on low-quality, high-risk apps and restricted sideloading, it now has permission abuse firmly in its sights and will “automatically revoke app permissions for potentially dangerous apps.”
Google already removes permissions from apps that you haven’t used in a while, ensuring that an army of apps can’t harvest your data in the background long after you’ve forgotten they’re even installed. Now it is taking this to the next level.
“To further enhance security, Play Protect now automatically revokes permissions for potentially harmful apps, limiting their access to sensitive data like storage, photos, and camera.” You can obviously add back those permissions if you want to, but you’ll need to override a security warning to do so, just to be sure.
The other major change is the Play Integrity API. This enables apps to check that they originated from Play Store and have not been tampered with. More controversially, it will also begin differentiating between devices and OS versions next month, meaning that a developer can restrict an app’s full functionality to Android 13 or newer.
“Safeguarding apps from scams and fraud is an ongoing battle for developers,” Google says. “Apps using Play integrity features are seeing 80% lower usage from unverified and untrusted sources on average,” and, “over 91% of app installs on the Google Play Store now use the latest protections of Android 13 or newer.”
Suffice to say, apps that sneakily secure sensitive permissions, such as access to your camera or microphone or phone are not to be trusted. You should not keep this spyware on your phone and follow Google’s advice and popup to uninstall when flagged.
