Mobile platforms, actually almost all software these days, hinge their privacy and security features around the permissions systems. Apps that don’t require access to certain features or hardware shouldn’t be able to access them, and when they do, they need to get the user’s consent first. Android has refined that system over time and has allowed users to grant or revoke apps’ permissions at any time. Not all realize that, however, and some might have even forgotten that they have some apps installed. That’s what the permission auto-reset feature was made for, and it’s coming to phones running something as old as Android 6 Marshmallow.
It’s almost too easy to install Android apps and just as easy to grant them permissions they may not really need. That may be well and good for one-off apps, but people have a tendency to let apps linger on their phones even if they’re unused for months. With the proper permissions, these apps can become vulnerabilities, potentially allowing malware to infect the device.
That’s why Google developed a new feature in Android 11 that would automatically reset permissions if an app hasn’t been used for months. Although it has exceptions for certain types of apps, the general behavior is that users will be asked to grant permissions again if they ever opened the app for the first time after a long while. That keeps late 2020 to 2021 phones more secure but leaves the majority of the Android-using population still vulnerable.
Starting December, however, Google is pushing the feature to support Android 6 and later devices. Once the update has been rolled out, permission auto-reset will be enabled by default on compatible devices. And by compatible devices, this means Android phones, tablets, and the like with Google Play services.
That said, users can still enable automatically resetting permissions even without Google Play services, as in the case of custom ROMs or uncertified devices. It just won’t be the default behavior, and they will have to do it manually per app, which can be a tiring process.