How do you access a list of installed apps?

fingerprintjs / fingerprintjs-android

Swiss army knife for identifying and fingerprinting Android devices. MIT license, no restrictions on usage in production.

https://fingerprint.com/github/

MIT License

572 stars 83 forks source link

How do you access a list of installed apps? #71

Closed flexagoon closed 1 year ago

flexagoon commented 1 year ago

Since Android 11, apps need the QUERY_ALL_PACKAGES permission to get a list of installed apps on the device. However, the playground app does not use this permission, but it still can get a list of my installed apps. How is this possible?

Alexey-Verkhovsky commented 1 year ago

Hello! The library indeed does not use the QUERY_ALL_PACKAGES permission.

But the library does query packages, which react on the android.intent.action.MAIN intent. (see the Manifest of the library). Google does not forbid it. The list lacks packages which don't have launcher (e.g. Google services, HMS etc.), but for identifying and fingerprinting purposes it's more than enough.

Hope it makes things more clear!

flexagoon commented 1 year ago

@Alexey-Verkhovsky thanks for the response! Oh wow, doesn't that kinda make the entire QUERY_ALL_PACKAGES permission useless?

Alexey-Verkhovsky commented 1 year ago

doesn't that kinda make the entire QUERY_ALL_PACKAGES permission useless?

Sort of!

Technically, there is a difference, as I mentioned above:QUERY_ALL_PACKAGES in addition does allow to extract packages, that don't have launcher. Usually these are internal services (GSF, HMS etc.).

But from the privacy side... it does not hide much information about users 🥲