Google promised to work with developers and create exceptions if their apps require phone or SMS permissions for core functionality. The issue stems from the fact that many apps request permissions to access users’ personal information, even if this information is not needed for the app to function, and some users unquestionably grant these permissions. In September 2014, Jason Nova of Android Authority reported on a study by the German security company Fraunhofer AISEC in antivirus software and malware threats on Android. The new permissions model is used only by applications developed for Marshmallow using its software development kit (SDK), and older apps will continue to use the previous all-or-nothing approach.