After the recent Google+ security leak, Alphabet Inc. is limiting access to users' SMS and Call Log histories. Starting this month, Google has refined its Developer Program Policies to include limits to call log and SMS permission access, explicit prohibitions against surveillance and "commercial spyware apps," and new Android Contacts API restrictions.
Apps are only supposed to request permission for what is needed to make the app function. But, in the real world, any Android app can ask permission to access a users’ phone and SMS data. We've all seen apps like the one below at some point in our lives.
A new change in the Developer Policy will make it so only the default phone and SMS apps can access the call logs and messages. This is important because it will restrict access to only one or two apps at a time. Even if you have an app like Facebook Messenger installed, which can access SMS conversations, it won’t be able to do it unless it’s set as the default. So even if the user is giving out permission nonchalantly to several apps, only the app they use can access the information.
Google has posted a Help Center article to help developers find alternatives to these permissions. Developers have 90 days from the policy update to issue updates to their apps. After that, the updated Developer Policy will be enforced. The move is a welcome one as users often tend to overlook the permissions an app asks before installing it. There will, however, be a certain degree of inconvenience to users as some payment apps used SMS permissions to read 2FA codes received via text. Now it isn't much of a hassle to enter it yourself, but once you get used people used to a convenience, it's hard to ween them off of it.