- cross-posted to:
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
Until a few years ago, any app you installed on an Android device could see all other apps on your phone without your permission.
Since 2022, with Android 11, Google removed this access from app developers. Under their new package visibility policy, apps should only see other installed apps if it’s essential to their core functionality. Developers must also explicitly declare these apps in the AndroidManifest.xml file - a required configuration file for all Android apps.
So I downloaded a few dozen Indian apps I could think of on top of my head and started reading their manifest files. Surely they will be respectful of my privacy and will only query apps essential to their app’s core functionality? 🙃
You must log in or register to comment.
The worst part about Android is that I, as the owner of the device, can’t deny permissions to apps at this granular of a level.
There should be a setting for enabling or disabling every single system call under the “advanced” permissions menu for each app.
SE Linux my ass.
Seems like a simple 5 app limit on what developers can query should be sufficient. Also seems like this should be something users should be allowed to disable completely - at worst you can an error when an app can’t locate a dependency. I admit to not knowing about this and find the vulnerability disturbing.
Android used to allow read access to the entire filesystem…
The Hackernews thread on this discusses how this has been known for years and hasn’t been fixed by Google
It’s a feature.
Android & Googleverse is a cancer that permeates way more than just the OS or browser.
May I ask what phone OS you use if not Android or Android based?
Also, could you explain what the “different Indias” are?
Would GrapheneOS have protections against this ?
Somewhat in progress: https://grapheneos.social/@GrapheneOS/113973056128380064
EDIT: wrong link, didn’t fully flesh out the thought, and more. I deserve the downvote!
–
There are on-going efforts to create what is know as App Communication Scopes in GrapheneOS, which covers similar ground to their Storage Scopes and Contacts Scopes. It’s been a WIP for while, though.
Can you explain? Not saying you’re wrong but that short paragraph does not seem to address the contents of this posts’s article.
Oops! I shared the wrong link, and also meant to say ‘Somewhat in progress.’ Explains why I got downvoted.
There are on-going efforts to create what is know as App Communication Scopes in GrapheneOS, which covers similar ground to their Storage Scopes and Contacts Scopes. It’s been a WIP for while, though.
Thanks that makes more sense. But I’ll believe it when it’s implemented.
It is very hard to implement properly
This is the problem with Android; the whole OS is built for Google and they have no interest in making this sort of thing easy. Building apps or end user stuff, sure, but fiddling around with its core functionality is not supported.
