Google is cracking down on apps that can see your device's installed apps

Google is no stranger to laying down the law on Android when it comes to the permissions developers are allowed to use. The company is cracking down once again, and it’s now focusing on developers that needlessly request a list of installed apps on a user’s device.

XDA-Developers reports that Google has made changes to its Developer Program Policy, making it harder for apps to see what other apps are installed. More specifically, Google will only allow the so-called QUERY_ALL_PACKAGES permission for an app if it’s part of the core functionality, saying a user’s list of installed apps is “personal and sensitive information.” This permission comes into effect if a developer targets API level 30 (Android 11). 

“Permitted use includes; device search, antivirus apps, file managers, and browsers,” reads an excerpt of the changed policy spotted by the outlet. The tweaked policy also notes that financial apps like banking clients and digital wallets would be granted this permission “solely” for security purposes.

More reading: Android 11 improves on privacy — Here’s how it can get even better

XDA-Developers reports that all new apps and app updates on Google Play will be required to target API level 30 from November 2021, so this will force many developers to take heed. 

Either way, this is a pretty sensible decision by Google, as some apps sniff out your installed list of apps for advertising purposes or to sell that data to others. Malicious actors could also theoretically read lists of apps for their own ends (e.g. determining the best targets). 

Hopefully this crackdown is more successful than Google’s other efforts to restrict permissions on Android. The company previously restricted calling and texting permissions in the name of security and privacy, but this affected legitimate apps like device security tool Cerberus.