Google Revamping Gmail and Android Security

Currently, Google Account users grant an app a lot of permissions to access their Google Account data in one fell swoop. After the changes are implemented, consumers will be able to grant or deny each permission individually.

• By Jessica Davis
• Oct 10, 2018

Google will soon be offering Android users more specific control over Google Account data they can choose to share with third-party apps with Google’s application programming interfaces (APIs). Google announced this and other changes to Android and Gmail security in a post on their Google Developers blog Monday.

The changes come as part of “Project Strobe,” in which Google is reviewing third-party developer access to Google account and Android device data. In turn, Project Strobe comes after after questions from U.S. lawmakers about the ways Google controls and monitors third-party developer access to Gmail content and user data following a July report alleging employees of third-party developers often access Gmail content.

Currently, Google Account users grant an app a lot of permissions to access their Google Account data in one fell swoop. After the changes are implemented, consumers will be able to grant or deny each permission individually.

For example, if a developer requests access to Google Calendar data and Google Drive, a user can allow access to one and deny access to the other as they choose. The change gives the user more control over their own data.

On their blog, Google recommends to app developers that they request permission to access Google Account data only when necessary. They also suggest that developers include a clear explanation of why the app needs access to user data and what user data will be used for.

Next year, Google will also restrict access to Gmail content to apps that directly work to enhance email functionality.

These changes will roll out to new clients beginning this month and will be extended to existing clients early next year.