Google Tests New Privacy Controls To Prevent Android Apps From Snooping On Each Other
Did you realize, or ever put much thought into the fact, that mobile applications can sneak a peek at what other programs you have installed on your smartphone or tablet? They can, leading to some privacy implications. To avoid those privacy implications, Google is implementing a new policy that will make it tougher for developers to bake that functionality into their apps.
It may seem like no big deal on the surface, but there are reasons why you might not want a mobile app being able to see what other apps you have installed. Simple privacy is one. Beyond that, this sort of behavior can be extracted and sold for targeted advertising purposes. That kind of information could, in theory, also lead to more effective malware (though we're not sure how prevalent that actually is).
In an updated support document, Google makes it clear that it views "installed apps queried from a user's device as personal and sensitive information," and will only allow apps to extract that information when the core functionality "requires broad visibility into installed apps on the user's device."
What this ties into is the QUERY_ALL_PACKAGES permission.
"Permitted use involves apps that must discover any and all installed apps on the device, for awareness or interoperability purposes may have eligibility for the permission. Permitted use includes; device search, antivirus apps, file managers, and browsers," Google explains.
Google is applying its rule to API level 30 or later on devices running Android 11 or later. It goes into effect May 5, 2021. Developers who might be thinking they can sidestep the policy by targeting an earlier version should note that Google will begin requiring that new apps target at least Android 11 by August of this year. And by November of this year, the same will be true of existing apps that get updated.
"If your app does not meet the requirements for acceptable use... you must remove it from your app's manifest in order to comply with Play policy," Google says.
For apps that do require this kind of snooping for their core functionality, developers will have to fill out a Declaration Form in the Play Console. Failure to do so is cause for the app to be kicked out of Google Play. Developers also face a suspension and/or termination of their account for not following the new rule.