According to the new policy, any apps handling users’ personal information like email addresses or phone numbers, or device data will have to prompt users before doing so. They will also have to expressly ask for consent to share the data; while also highlight how the information will be used.
Apps that collect crash information will also be subject to this policy, and will be limited in how much information they can transmit without user approval. Essentially, this means that diagnostic tools must request express user permission before sending information about packages installed on the device to developers.
More importantly, this policy will extend to apps that have not been downloaded from the Google Play Store.
It should be noted that Google is not outright banning apps that don’t ask for permission. All that users will see is a warning, and one that doesn’t quite stop them from using the app in the first place.
Developers have 60 days to get with the programme before Google starts rolling it out. Which should be ample time to publish a small update. Or they can simply ignore the change and hope that most users will continue to ignore Android’s numerous warnings.
[Source: Google Security Blog]