Closed flexagoon closed 1 year ago
Hello! The library indeed does not use the QUERY_ALL_PACKAGES
permission.
But the library does query packages, which react on the android.intent.action.MAIN
intent. (see the Manifest of the library). Google does not forbid it. The list lacks packages which don't have launcher (e.g. Google services, HMS etc.), but for identifying and fingerprinting purposes it's more than enough.
Hope it makes things more clear!
@Alexey-Verkhovsky thanks for the response! Oh wow, doesn't that kinda make the entire QUERY_ALL_PACKAGES
permission useless?
doesn't that kinda make the entire QUERY_ALL_PACKAGES permission useless?
Sort of!
Technically, there is a difference, as
I mentioned above:QUERY_ALL_PACKAGES
in addition does allow to extract packages, that don't have launcher. Usually these are internal services (GSF, HMS etc.).
But from the privacy side... it does not hide much information about users 🥲
Since Android 11, apps need the
QUERY_ALL_PACKAGES
permission to get a list of installed apps on the device. However, the playground app does not use this permission, but it still can get a list of my installed apps. How is this possible?