Google Play is forcing apps to use Android’s Photo Picker for better privacy

The photos and videos you store on your Android device can reveal a lot about you. Therefore, it is very important to choose carefully which apps can access it. The best Android apps don’t ask for access to your phone’s entire media gallery unless they really need it, but many apps unfortunately ask for broad access to photos and videos when it’s not really necessary. Google has tried to address this problem by offering developers alternative, privacy-preserving methods to access photos and videos, but has so far been unable to get developers to use them. Soon, however, many app developers will be forced to use Google’s privacy-protecting photo and video picker.

With the launch of Android 13 in 2022, Google introduced the Photo Picker API, a privacy-preserving method for apps to access your photos and videos. By using the Photo Picker API, apps can request access to the photos or videos of your choice without having to ask permission to access your entire media gallery. It is intended for apps that have a one-time or irregular need to access certain photos or videos.

The Photo Picker is essentially a purpose-built version of the system file picker that has been around since Android 4.4 was released in 2013. While the System File Picker gives apps a privacy-preserving way to access any file on your device, the Photo Picker Picker only offers access to photos and videos. Google has given the Photo Picker a user interface better suited for selecting photos and videos, complete with larger previews and tabs for switching between all items and albums.

However, after its introduction, Google struggled to get developers to adopt it. The vast majority of Android apps continued to use either the old system file picker or their own homegrown picker, the latter of which requires broad access to photos and videos. Google tried to move the needle by improving the Photo Picker via updates that made it compatible with versions of Android up to version 4.4, made it take over from the system file picker when apps wanted to select photos or videos, and made it possible to select media from Google Photos. However, these changes still weren’t enough to convince many developers to adopt the Photo Picker, so Google used the most effective tool to force adoption: creating a new Google Play Store policy.

Last October, Google announced that it would eventually crack down on apps that “unnecessarily ask for the app” READ_MEDIA_IMAGES and/or READ_MEDIA_VIDEO permissions (on Android 13+) to access the user’s images and/or videos. This crackdown would initially begin “mid-2024” with a “request” for apps that have only a one-time or irregular need to access images and/or videos to READ_MEDIA_IMAGES and/or READ_MEDIA_VIDEO permissions. But from “early 2025,” “only apps with core functionality that relies on access to the user’s images and/or videos” would be allowed to use the READ_MEDIA_IMAGES And READ_MEDIA_VIDEO permissions.

At Google I/O earlier this year, the company announced it would begin enforcing this policy in August, but it appears it actually began its crackdown late last month. On the support page for Google Play’s photo and video permissions policy, Google says that on September 18 it began asking developers to “either submit a declaration form to qualify for core use/broad access, or to remove permissions (if one-time /infrequent use). Developers have until the end of this month to submit declaration forms, and those who do not will no longer be able to update their app on Google Play. Google is giving developers the opportunity to request an enforcement moratorium until January 22, 2025, but after that date the company will enforce this policy on all developers.

Developer Tolriq shared a screenshot of this declaration form on Reddit last month, stating that the only apps that use the READ_MEDIA_IMAGES And READ_MEDIA_VIDEO permissions are gallery apps or apps that focus on editing, managing and maintaining photos/videos. Google’s support page also mentions that “apps in the social, communications, photo/video editor, and others categories that may demonstrate broad access needs, such as photo editors, user-generated content platforms, image search functions, QR code scanners, and the like” can apply to retain these permissions. However, these apps must demonstrate a “core use case that requires persistent or frequent access to photos/videos.” Simply having a custom photo choosing experience does not qualify.

Either way, this new policy severely limits the number of apps that can request these two permissions, leaving many existing apps with no choice but to migrate to the System File Picker or the Android Photo Picker. While this forced migration is undoubtedly a win for privacy, it will mean a downgrade in functionality for some apps, as Android Photo Picker is still missing many features. For example, the Android Photo Picker still doesn’t have a search function, although Google says it’s in the works. It also doesn’t display local albums created by Android apps, requiring you to scroll through the “Photos” or “Videos” tab to find them. Finally, it also has no filtering or sorting options, the ability to select an album, or a way to quickly select many items.

Hopefully Google will address these issues in future updates to the Android Photo Picker, especially as this feature is forced into apps.