Google is making a change to Android that will prevent apps from snooping on one another.
Taking effect May 5 and applying primarily to Android 11, the rule update bans most apps from using the new QUERY_ALL_PACKAGES permission, which reveals details about the other apps installed on a device.
- The best Android antivirus apps to keep your device clean
- This Android update is really nasty spyware — what you need to know
- Plus: Hackers turn to phone calls to infect PCs with malware
It's meant to stop apps from getting sensitive information or creating device profiles that can be used for advertising or even spying purposes.
The exceptions will be apps that need to see what's going on as part of their core functions, including antivirus apps, browsers, file managers and search apps. Digital-wallet and banking apps may be able to ask for temporary exceptions.
These apps will have to declare that they are using this permission in their Google Play listings.
Google explained in a new notice to app developers (opens in new tab) that it "regards the device inventory of installed apps queried from a user's device as personal and sensitive information."
Apps that request to use the QUERY_ALL_PACKAGES permission "must be able to sufficiently justify why a less intrusive method of app visibility will not sufficiently enable your app's policy-compliant user-facing core functionality."
Abusing a privilege
The QUERY_ALL_PACKAGES permission, introduced with Android 11, replaces and supersedes an older set of functions that apps have used to see details about the other apps installed on an Android device, Catalin Cimpanu at The Record (opens in new tab) explained.
These functions were originally created to resolve compatibility issues, but they ended up being abused. Because they were functions and not permissions, the apps did not need to ask or even inform the user before doing so.
A year-old research paper (opens in new tab) found that roughly 30% of commercial Android apps — including nearly 73% of games — used these functions to get information about the other apps installed on a device.
Less than 3% of open-source Android apps did so. Many of the app queries were generated by third-party ad and utility code used by app developers, often without the knowledge of the developers themselves.
Although this change in theory affects only Android 11, estimated to be on only about 6% of Android devices (opens in new tab) in active use right now, XDA-Developers (opens in new tab) explained that it will become more or less mandatory in November when Google will require that all app development "target" Android 11 or later rather than earlier versions.