Google announced another privacy restriction on Play Store apps. Starting this summer, Android 11’s new Query_All_Packages permission will be marked as “sensitive” in the Play Store, which means that Google’s review process will limit it to applications that the company thinks are really needed. Query_All_Packages allows apps to read your entire app list, which may contain various sensitive information, such as dating preferences, banking information, password management, political affiliation, etc., so it makes sense to lock it.
Google announced on the support page: “Apps that have the core purpose of launching, searching, or interoperating with other applications on the device may gain visibility into the scope of other installed applications on the device.”
Financial applications (such as banking applications and P2P wallets) also have exceptions, the page says: “For security-based purposes only, they may gain broad visibility into installed applications.” We think this means scanning for root applications. The new policy also stipulates:[a]The pp inventory data queried from apps distributed by Play may never be sold or shared for analysis or advertising purposes. “
Our shop, our rules
For Google, using the Play Store as a developer control interface is a fairly new strategy.Of course, Google has full control over the operating system, and you can use this control to enforce privacy restrictions on all applications, but when you only want to affect some Apps, the removal of the review restrictions on Play Store apps allows Google to exercise more fine-grained control over the permission usage policy. The Play Store is the only Android app store by default in the world (except the world), and is the main place where most people buy apps. Therefore, the Play Store rules allow Google to build thicker walls around the walled garden, and it also provides developers with Opportunities to justify individual use cases. If the end user does not like these rules, then they will get side loading and alternative app store escape hatches, and operating system-based permission restrictions are something you will not encounter.
In addition to this application package list restriction, the Play Store also marked several other APIs as “sensitive”, thereby subjecting them to stricter scrutiny and requiring individual developers to justify them. Applications that use powerful accessibility APIs, back-end location APIs, SMS and phone applications, and full file access APIs must all be separately approved by Google.
Other current Play Store restrictions include a rolling minimum API level policy, which requires that new and updated applications cannot use API levels older than one year. The API level is the main way Android manages backward compatibility. The new restrictions and features of each Android version usually only apply to apps targeting that API level, so there is no problem. For example, the permission system only applies to apps with a target API level of 23 (Android 6.0) and higher-older apps have no permission restrictions. When used maliciously, you can target only the older API level to publish apps with more access to the system, but the Play Store policy only prevents any submissions that use the older API level to avoid this Happening.
Today’s restriction is a good example: the Query_All_Packages permission was added in Android 11, so it only applies to apps that target the API level of Android 11 (“API level 30”). The restrictions of the Play Store naturally only apply to applications with an API level of 30 or higher, which may not be many at present. However, shortly after the launch of Android 11 (November 2021), the Play Store will set API level 30 as the lowest API level for updated applications, so the license and new restrictions will apply to every application currently maintained in the store.