You don’t have to search very hard in our archive of stories here to find tons of examples of Android apps behaving badly. Everything from apps forcing adware on you to apps stealing personal data and credentials, logging into your Google and Facebook accounts surreptitiously, and so much more (with examples here, here, and here). It’s clear that as adept at Google is at software, the search giant still has a problem with the ability of apps to sneak into its proprietary app marketplace, masking their malicious intent.
The company has been taking incremental steps toward reversing that tide, with another one having been announced today — and this one is a move to require developers to get approval from Google going forward if they want to be able to access the location data of a user in the background.
In a company blog post published on Wednesday, Google Play director of product management trust and safety Krish Vitaldevara noted that this builds on changes made last year to increase user safety such as limiting the use of sensitive permissions and doing more to catch bad actors before their apps ever reach the Play Store.
In Android 10, Vitaldevara goes on to note, users were given additional control to only grant location data access when an app is in use, “which makes location access more intentional.” Accordingly, more than half of the users choose the “While app is in use” location data-sharing option. “Now in Android 11, we’re giving users even more control with the ability to grant a temporary ‘one-time’ permission to sensitive data like location,” the blog post notes. “When users select this option, apps can only access the data until the user moves away from the app, and they must then request permission again for the next access.”
Google will be updating its Play Store policy later this year to require that developers get approval if they want to access location data in the background, and as part of that permission, Google will be asking questions that include whether or not the feature delivers “clear value” to the user, and whether or not the same experience can be delivered without accessing location data in the background.
As an example, Vitaldevara notes that it would be okay for an app with a store locator feature to access a user’s location when the app is visible to the user. However, that app “would not have a strong case to request background location under the new policy.” Per Google’s post today, here’s the schedule for the rollout of this policy change:
- April: official Google Play policy update with background location
- May: developers can request feedback on their use case via the Play Console with an estimated reply time of two weeks, depending on the volume of requests received
- August 3rd: all new apps submitted to Google Play that access background location will need to be approved
- November 2nd: all existing apps that request background location will need to be approved or will be removed from Google Play