Google brought one of Android 11's best privacy features to every Android phone the company still actively supports, and it did it through the magic of Google Play Services.
Soon, every phone running a version of Android 6 or later will be able to automatically revoke system permissions if you haven't used the app in a while. Android 6 is the cutoff because it's also the minimum version that supports the latest adaptation of the beast that is Google Play Services. It's also quite old, and you're going to find newer software on all of the best Android phones you can buy in 2021, as well as the not-so-great ones.
This move is more important for your privacy than it may appear at first glance. In an interview with Google's privacy team, I spoke with product manager and privacy specialist Charmaine D'Silva at length about this feature when it was new. Her explanation drives home why this is important:
"There are so many times we actually interact with apps and use them because at that moment, it's really important. As we move away from that situation, that app may not be something you use all the time, so we use the same type of thinking for permission revocation. Say you visit a new city, and you need to use an app for ride-sharing or visit local attractions. When you leave, people usually don't go back and delete these apps very frequently if they have a phone with a lot of storage. That app may still have access to all the permissions you granted, which were completely appropriate and relevant at the time. But if you aren't really using that app, it shouldn't have access to these permissions any longer."
Her example in our interview was a hypothetical that many of us could relate to: You're in a new city for work and install a local delivery app to grab a bite to eat while you spend a night in being productive. You get your meal, you enjoy your meal, and once you head back home, you never use that app again. You shouldn't be OK with it staying alive in the background, pinging your location, or checking how long your screen has been on because you no longer benefit from using the app.
An app you don't use shouldn't be collecting your data.
Starting with Android 11, 39 days after you last used an app, any permissions you granted are automatically revoked. You get a notification, so you can choose to prevent it, but other than that, there's no input needed from you. Your data is also safer as a result.
This really drives home the power of Play Services and why Google has worked hard to turn it into what it is today. As someone who values privacy, personal responsibility, and user choice, I don't like the idea of an expanded Google Play Services "platform," but I see the reason why it's evolved so much. I just wish there were other alternatives than just Google's way.
A lot of us just want our phones to be safe and do cool things.
I also recognize that most users would rather know that their phone is more secure and their data is more protected against third parties by default because Google can do so. Play Services is equally powerful as the level of control the company that actually made your phone has over the software. Google makes exceptions for device admin apps like any that would be on a company-supplied phone, but other than that, everything is fair game, and Play Services has the final say.
It had to be this way, though. Google has done everything in its power to make Android easier to update, and we have seen how well this can work. Some companies are more willing to invest time and money (Samsung comes to mind), and we have seen quick security updates as well as a longer level of service, support, and platform updates because of changes to how Android works.
Play Services may give Google too much control, but someone has to take charge.
But not every company is invested in making sure you love your phone after you buy it like Samsung. There are still plenty of companies that do less than the bare minimum when it comes to keeping your phone's software secure and up to date. Google can't have this as it holds the entire platform back. So when holding hands and helping to make it easy didn't work, a new way to mitigate issues and support more unique features had to happen. So it did.
Is a closed component written in-house by Google and distributed to every Android phone with this level of control a good thing? Possibly not. I say it's not, but I also say it's necessary. I know that it's good for the Android ecosystem as a whole and allows you to use a device you love longer than you would be able to without. In the end, that's a positive for all of Android.
