- cross-posted to:
- android@lemmy.world
- privacy@lemmy.dbzer0.com
- cross-posted to:
- android@lemmy.world
- privacy@lemmy.dbzer0.com
Until a few years ago, any app you installed on an Android device could see all other apps on your phone without your permission.
Since 2022, with Android 11, Google removed this access from app developers. Under their new package visibility policy, apps should only see other installed apps if it’s essential to their core functionality. Developers must also explicitly declare these apps in the AndroidManifest.xml file - a required configuration file for all Android apps.
So I downloaded a few dozen Indian apps I could think of on top of my head and started reading their manifest files. Surely they will be respectful of my privacy and will only query apps essential to their app’s core functionality? 🙃
You must log in or register to comment.
The Hackernews thread on this discusses how this has been known for years and hasn’t been fixed by Google
It’s a feature.
I developed a Unity Plugin to utilize this. Was really good to see if another one of your own apps was installed
Would GrapheneOS have protections against this ?
Somewhat in progress: https://grapheneos.social/@GrapheneOS/113973056128380064
EDIT: wrong link, didn’t fully flesh out the thought, and more. I deserve the downvote!
–
There are on-going efforts to create what is know as App Communication Scopes in GrapheneOS, which covers similar ground to their Storage Scopes and Contacts Scopes. It’s been a WIP for while, though.
The worst part about Android is that I, as the owner of the device, can’t deny permissions to apps at this granular of a level.
There should be a setting for enabling or disabling every single system call under the “advanced” permissions menu for each app.
SE Linux my ass.
Googles revenue structure is counter to giving you that control. It’s the unfortunate side effect of the stock market.
There should be a setting for enabling or disabling every single system call under the “advanced” permissions menu for each app.
That’s what GrapheneOS adds.
It’s interesting that Google hasn’t merged those features back into Android, itself.
Did they open a PR?
Seems like a simple 5 app limit on what developers can query should be sufficient. Also seems like this should be something users should be allowed to disable completely - at worst you can an error when an app can’t locate a dependency. I admit to not knowing about this and find the vulnerability disturbing.
Android used to allow read access to the entire filesystem…
I have a shitty tracking app I have to use, I have it in the work profile with shelter, AFAIK that keeps it siloed from my regular apps
What is this profile siloing you speak of?
“work profile” “work apps”
I haven’t really looked into how it works, but it’s supposed to keep the apps in the work profile separate. I use it because our time clock app is a privacy nightmare and I can completely disable it with one click when I’m not working.
I use an app from F-Droid called Shelter.
What’s the situation on iPhone?
Not on my Graphene OS phone.
Seems that is not true. Apps will see inside profiles as far as I know.
“Graphene is perfect in every way and everyone should use it”
