Google will soon be offering users finer-grained control over Google Account data they can choose to share with apps via Google’s application programming interfaces (APIs).
The company revealed the upcoming changes to Google Account permissions alongside news it was shuttering Google+ and the revelation that it didn’t tell users about a security bug in the social network because it feared it would attract regulatory scrutiny.
In future, instead of consumers granting an app a whole bunch of permissions to access Google Account data with one press of a button, users will get to grant or deny each permission, one at a time.
It will mean, for example, that when a developer asks for access to calendar data and permission to view files stored in Google Drive, users can agree to grant access to one but not the other.
Users will in future be asked to allow or deny each of these permissions separately, one after the other. The end result is more control for the user.
The move follows questions from US lawmakers about how Google controls and monitors third-party developer access to Gmail content and user data after a July report alleged employees of these developers frequently access Gmail content.
As reported by ZDNet yesterday, Google next year also will restrict access to Gmail content to apps that directly enhance email functionality — such as email clients, email backup services and CRM and mailmerge services.
The finer-grain Google Account permission controls are another strand of Google’s response to findings of its Project Strobe audit revealed yesterday.
This project also builds on stricter rules Google rolled out last year for web app developers who access user account data via Google’s OAuth infrastructure.
Google is advising developers who use Google OAuth and its APIs to only request permissions when needed, and to provide justification before asking for access.
The changes will roll out to new clients this month and will be extended to existing clients in early 2019.
Previous and related coverage
Only apps selected as the device’s default app for making calls or sending text messages will be able to access call logs and SMS data from now on.
All Gmail third-party apps with full access to Gmail user data will need to re-submit for a review by February 15, 2019, or be removed.
Search giant says it found no evidence that any user data was misused.
Following feedback from its users, Google+ is getting a makeover, with the search engine giant admitting that decisions it had made in the social networking space previously, were not necessarily the best, and it will start with decoupling YouTube comments.
Browser maker faces backlash for failing to inform users about Chrome Sync behavioral change.
The search giant comes under fire for hoarding cookies and logging its website users into Chrome.