Google on Thursday said it’s backtracking on a recent change that removed the app permissions list from the Google Play Store for Android across both the mobile app and the web.
“Privacy and transparency are core values in the Android community,” the Android Developers team said in a series of tweets. “We heard your feedback that you find the app permissions section in Google Play useful, and we’ve decided to reinstate it. The app permissions section will be back shortly.”
To that end, in addition to showcasing the new Data safety section that offers users a simplified summary of an app’s data collection, processing, and security practices, Google also intends to highlight all the permissions required by the app to make sense of its “ability to access specific restricted data and actions.”
The reinstatement comes as the internet giant moved to swap out the apps permission section with the newer Data safety labels last week ahead of the enforcement deadline on July 20, 2022, which requires developers to provide information about “how they collect and handle user data for the apps they publish on Google Play.”
A quick check, however, shows that apps like Tor Browser, Discord, and those from Amazon, including its namesake app, Kindle, Alexa, Amazon Music, and Amazon Photos, continue to not include a Data safety section.
The new system also comes with its own set of problems in that it completely relies on the developers to make “complete and accurate declarations,” potentially leading to scenarios where it could be misleading or flat-out inaccurate.
In contrast, the apps permission list is derived from the permissions declared by the developer in an app’s manifest file.
It’s worth noting that the Apple App Play Store has a similar policy in place for its privacy “nutrition” labels that allows developers to highlight “self‑reported summaries of some of their privacy practices,” a method that, as a report from The Washington Post found, “falls short of being helpful.”
Google, however, states in its support documentation that it may take appropriate enforcement action if it runs into cases where there is a discrepancy between an app’s behavior and its declaration.
You can also read this: PyPI Repository Enforces 2FA for Critical Python Projects