Google Play app+web now disallow seeing app perms, installing is the only way to

1 point

4 years ago

Google has removed the "Permissions" link on the pages of apps both in the Google Play app (latest version as of 2022-06-07) and on the Google Play website.

Not shipping a sample link so I don't get accused of trying to promote my app. Go to https://play.google.com and check any.

This also applies when trying to install app updates so you cannot easily notice if an update introduces new permissions. (Previous Play versions would even mark new permissions with a green "New" indicator, which helped a lot.)

The "Permissions" link was replaced with a "Data safety" link which merely contains something like a privacy policy, not the actual permissions the apps will request.

As a consequence, installing an app and using Android's own UI to view permissions is the only way to determine the perms now.

This implies that if bad apps upload private data right after installation they can frontrun the user's chance to review their permissions:

The Internet permission does not require manual consent via a popup, and certain permissions which reveal private data such as your phone number/identity and accounts on the device also do not require consent. So frontrunning is possible.

(IMHO this is not a theoretical scenario: The last time I searched for "flashlight" on Google Play there still was a flood of "flashlight" apps which wanted access to lots of private data, even though a flashlight shouldn't need any data at all.)