According to Google, only an app that has been selected as the phone’s default app for making calls or sending text messages will be able to access call logs and SMS data via the SMS and Call Log permissions.
The new policy entered into effect yesterday. Android app developers have 90 days to update their apps accordingly.
Google says that alternative APIs, such as the SMS Retriever API, the SMS Intent API, the Share Intent API, or the Dial Intent API can be used as replacements for some of the features powered by having direct access to the SMS and Call Log permissions.
The Android OS maker hopes that by restricting access to the SMS and Call Log permissions it will reduce the instances where a simplistic Android app tricks users into giving it access to these two permissions, access they use to harvest call records and SMS data, which they later upload to an online server for further analysis.
These types of malicious apps have been a plague on the Play Store for the past few years. They are usually disguised as flashlight apps, games, game guides, cheats, or other worthless tools, but which request access to a trove of permissions that they later use to harvest user data to sell to advertising companies.
In a blog post on the Android Developers Blog, Google said it would be rolling out additional controls across several products and platforms in the coming months to stop this kind of abusive behavior.
The new Play Store policy in regards to access to the Call Log and SMS permissions was announced as part of Project Strobe, a coordinated effort on Google’s part to secure user data.