this post was submitted on 30 Mar 2025
199 points (98.1% liked)

Privacy

5688 readers
13 users here now

A community for Lemmy users interested in privacy

Rules:

  1. Be civil
  2. No spam posting
  3. Keep posts on-topic
  4. No trolling

founded 2 years ago
MODERATORS
iopq@lemmy.world
199
Everyone knows all the apps on your phone (peabee.substack.com)
submitted 5 days ago* (last edited 5 days ago) by Ninjazzon@infosec.pub to c/privacy@lemmy.world
27 comments fedilink hide all child comments
 

Until a few years ago, any app you installed on an Android device could see all other apps on your phone without your permission.

Since 2022, with Android 11, Google removed this access from app developers. Under their new package visibility policy, apps should only see other installed apps if it’s essential to their core functionality. Developers must also explicitly declare these apps in the AndroidManifest.xml file - a required configuration file for all Android apps.

So I downloaded a few dozen Indian apps I could think of on top of my head and started reading their manifest files. Surely they will be respectful of my privacy and will only query apps essential to their app's core functionality? πŸ™ƒ

you are viewing a single comment's thread
view the rest of the comments
[–] Imgonnatrythis@sh.itjust.works 18 points 5 days ago (2 children)

Seems like a simple 5 app limit on what developers can query should be sufficient. Also seems like this should be something users should be allowed to disable completely - at worst you can an error when an app can't locate a dependency. I admit to not knowing about this and find the vulnerability disturbing.

[–] A_norny_mousse@feddit.org 19 points 5 days ago (1 children)

It's not a vulnerability - it's part of the system. Google Play store reviews apps and thus implicitly allows such behavior. It's not just in the manifest or permissions either, data collection is rampant in apps and how could it not since that is the whole purpose of all Alphabet products.

[–] Imgonnatrythis@sh.itjust.works 6 points 5 days ago

Yes. A bit tounge in cheek, because it makes me feel vulnerable.

[–] possiblylinux127@lemmy.zip 7 points 4 days ago

Android used to allow read access to the entire filesystem...