Google gives Android apps a lot more leeway than we see from Apple with iOS, and it helps keeps users advised of just what their apps are and aren’t able to do by means of the Android permissions system. Before installing an app, users are able to review what sort of access it needs, and decide not to go through with the installation should they find those permissions too broad. But recently Google attempted to streamline things by bundling permissions together, and not requiring users to approve the addition of new permissions during an automatic app update, so long as they were part of a group that had already been allowed. Now devs are raising the warning flag, saying that Google is opening users up to the potential for abuse.
The problem is how very different the impact can be of permissions within the same groups. A user may not think twice about an app that only gathers coarse location data, or is able to just read text messages. The problem is, devs can now push updates to apps with such innocuous permissions that step things up to do things like gather fine location data, or to compose and send new text messages (and possibly driving up your cellular bill in the process). For users who have set Google Play to allow for automatic updates, they’d never be apprised of these new permissions.
Android users concerned with keeping an eye on app permissions are advised to disable automatic updates and to manually review changes to their apps as they arrive.