On app tracking, both Android and iOS have to do better

Mobile app use continues to climb in enterprises worldwide, and it won’t be long before almost all employee/contractor communications take place over mobile devices. That’s why it’s such a threat to security and compliance that mobile apps have extensive access to everything on a device — and few limitations on what those apps can share.

Apple argues that it’s already doing something about this in iOS with its app tracking transparency push. But a report in The Washington Post last week undermines the company’s promises. Why? Because Apple has been trusting app vendors to actually do what they agree to do. (No one could have foreseen that blowing up.)

Before we dig into the latest Apple app-data-sharing developments, there’s a bit of potentially good news coming for Google Android users. In a blog post this month, Android pledged to roll out new rules starting in December that would, by default, lock out any permissions for apps that haven’t been used in a while.

This would basically protect users from old apps they’ve forgotten, making sure that app access to sensitive device information is limited. This differs from Apple’s tack in that it doesn’t appear to rely on vendor cooperation.

“In order to work, apps often need to request certain permissions, but with dozens of apps on any given device, it can be tough to keep up with the permissions you’ve previously granted – especially if you haven’t used an app for an extended period of time,” the blog post said. “In Android 11, we introduced the permission auto-reset feature. This feature helps protect user privacy by automatically resetting an app’s runtime permissions – which are permissions that display a prompt to the user when requested – if the app isn’t used for a few months.

“Starting in December 2021, we are expanding this to billions more devices,” the post continued. “This feature will automatically be enabled on devices with Google Play services that are running Android 6.0 (API level 23) or higher. The feature will be enabled by default for apps targeting Android 11 (API level 30) or higher. However, users can enable permission auto-reset manually for apps targeting API levels 23 to 29.”

Copyright © 2021 IDG Communications, Inc.