Until a few years ago, any app you installed on an Android device could see all other apps on your phone without your permission.
Since 2022, with Android 11, Google removed this access from app developers. Under their new package visibility policy, apps should only see other installed apps if it’s essential to their core functionality. Developers must also explicitly declare these apps in the AndroidManifest.xml file - a required configuration file for all Android apps.
So I downloaded a few dozen Indian apps I could think of on top of my head and started reading their manifest files. Surely they will be respectful of my privacy and will only query apps essential to their app’s core functionality? 🙃
Seems like a simple 5 app limit on what developers can query should be sufficient. Also seems like this should be something users should be allowed to disable completely - at worst you can an error when an app can’t locate a dependency. I admit to not knowing about this and find the vulnerability disturbing.
Android used to allow read access to the entire filesystem…
It’s not a vulnerability - it’s part of the system. Google Play store reviews apps and thus implicitly allows such behavior. It’s not just in the manifest or permissions either, data collection is rampant in apps and how could it not since that is the whole purpose of all Alphabet products.
Yes. A bit tounge in cheek, because it makes me feel vulnerable.