Google announces major shifts in Android 17 permissions, replacing broad contact access with a secure 'Contact Picker' and introducing a one-time location button to combat data harvesting.
Google has unveiled a significant privacy overhaul for Android 17, targeting how third-party applications handle sensitive user data. The update aims to minimize the 'permission footprint' by moving away from broad access protocols.
Key Changes in Android 17 Permission Model:
* New Contact Picker: The legacy READ_CONTACTS permission is being deprecated. Apps must now use the new Contact Picker API, which allows users to select specific contacts rather than granting access to the entire database. Developers requiring full access must now submit a formal justification to Google.
* One-Time Location Access: A new standardized location button allows users to grant precise location data for a single session only. A persistent indicator will now alert users whenever a non-system app accesses their coordinates in real-time.
* App Transfer Protection: Starting May 27, 2026, Google will enforce a native account transfer feature in the Play Console to prevent fraudulent app ownership changes and the sale of developer accounts on third-party marketplaces.
Ad-Safety and AI Integration:
Google also reported its 2025 enforcement statistics, revealing that it blocked over 8.3 billion policy-violating ads and suspended 24.9 million accounts. The company is now heavily utilizing its Gemini AI model to detect intent-based malicious ads (Malvertising) that bypass traditional keyword filters.
Technical Note: Developers targeting Android 17 should begin auditing their manifests for READ_CONTACTS and ACCESS_FINE_LOCATION flags to ensure compliance before the October 2026 deadline.
Key Changes in Android 17 Permission Model:
* New Contact Picker: The legacy READ_CONTACTS permission is being deprecated. Apps must now use the new Contact Picker API, which allows users to select specific contacts rather than granting access to the entire database. Developers requiring full access must now submit a formal justification to Google.
* One-Time Location Access: A new standardized location button allows users to grant precise location data for a single session only. A persistent indicator will now alert users whenever a non-system app accesses their coordinates in real-time.
* App Transfer Protection: Starting May 27, 2026, Google will enforce a native account transfer feature in the Play Console to prevent fraudulent app ownership changes and the sale of developer accounts on third-party marketplaces.
Ad-Safety and AI Integration:
Google also reported its 2025 enforcement statistics, revealing that it blocked over 8.3 billion policy-violating ads and suspended 24.9 million accounts. The company is now heavily utilizing its Gemini AI model to detect intent-based malicious ads (Malvertising) that bypass traditional keyword filters.
Technical Note: Developers targeting Android 17 should begin auditing their manifests for READ_CONTACTS and ACCESS_FINE_LOCATION flags to ensure compliance before the October 2026 deadline.
TAGS:
#Android17
#Privacy
#GooglePlay
SHARE: