Google says that some 2018 policy changes lead to a 98 percent drop in the number of Play Store apps that ask users for access to call log and SMS data last year.
According to a blog post detailing the effect of policy changes on combatting bad apps and malicious developers, Google claims its changes have had a tangible effect. Along with the reduction in apps asking for access to call and SMS data, Google reports that its “improved vetting mechanisms” stopped 790,000 policy-breaking apps from reaching the Play Store.
Additionally, Google says it Play Protect system blocked over 1.9 billion instances of non-Play Store malware.
The effect on apps using call and SMS permissions is particularly profound, however. In October 2018, Google announced a new policy that restricted which apps could ask for access to call log and SMS data. In early 2019, Google doubled down on the policy, warning it would remove all non-compliant apps from the Play Store.
Clearly, the tactic worked — a 98 percent decrease is nothing to sneeze at. Further, Google says the remaining two percent of apps actually need call and text data to perform core tasks.
However, Google’s post makes things seem better than they are. Malware is still very much a thing on Android — just last year, researchers discovered the ‘Agent Smith’ malware that replaces code within apps. Further, researchers recently discovered a Bluetooth vulnerability in Android 8 and 9. While Google issued a patch, many users with affected devices may never get it, potentially leaving hundreds of thousands of Android phones exposed.
Further, Google’s effort to curb permission abuse on Android should be applauded, but more stringent policies and changes to permissions in Android 10 likely won’t stop permission abuse entirely.
Regardless, Google is making progress and Android users are the better for it.