Google has introduced one other privateness restriction for Play Store apps. Starting this summer season, Android 11’s new Query_All_Packages permission can be flagged as “sensitive” on the Play Store, which means Google’s evaluate course of will prohibit it to apps the corporate feels actually need it. Query_All_Packages lets an app learn your entire app list, which might include all kinds of delicate info, like your courting preferences, banking info, password administration, political affiliation, and extra, so it is smart to lock it down.
On a help web page, Google introduced, “Apps which have a core function to launch, search, or interoperate with different apps on the machine might get hold of scope-appropriate visibility to different put in apps on the machine.” Google has another page that lists allowable use instances for Play Store apps querying your app list, together with “machine search, antivirus apps, file managers, and browsers.” The web page provides that “apps that should uncover any and all put in apps on the machine, for consciousness or interoperability functions might have eligibility for the permission.” For apps that must work together with different apps, Google needs builders to make use of extra scoped app-discovery APIs (as an example, all apps that help x function) as a substitute of simply pulling the entire app list.
There’s additionally an exception for monetary apps like banking apps and P2P wallets, which the web page says “might get hold of broad visibility into put in apps solely for security-based functions.” We assume this implies scanning for root apps. The new coverage additionally states that “[a]pp stock information queried from Play-distributed apps might by no means be offered nor shared for analytics or advertisements monetization functions.”
Our retailer, our rules
Using the Play Store as a developer management floor is a reasonably new tactic for Google. Sure, Google has full management over the OS and may use that management to drive privateness restrictions for all apps, however if you simply wish to have an effect on some apps, pushing out a Play Store app evaluate restriction offers Google extra fine-grained management over permission utilization insurance policies. The Play Store is the one universally default (apart from China) Android app retailer, and it is the first place most folks get apps, so Play Store rules let Google construct thicker partitions round its walled backyard whereas additionally giving builders an opportunity to argue for his or her particular person use instances. If end-users do not just like the rules, they get a sideloading and alternative-app-store escape hatch, which you would not get with an OS-based permission restriction.
Besides this app package deal list restriction, the Play Store additionally flags several other APIs as “delicate,” subjecting them to a better evaluate and requiring particular person builders to justify their use. Apps utilizing the highly effective accessibility APIs, background location APIs, SMS and telephone apps, and full file entry APIs are all topic to Google’s particular person approval.
Other present Play Store restrictions embrace a rolling minimal API-level coverage that mandates new and updating apps cannot use an API stage older than one 12 months. API ranges are the principle means Android manages backward compatibility. New restrictions and options for every model of Android usually solely apply to apps focusing on that API stage, so nothing breaks. For occasion, the permissions system solely applies to apps focusing on API stage 23 (Android 6.0) and up—older apps don’t have any permission restrictions. When used maliciously, you could possibly simply goal an historical API stage to ship an app with extra entry to the system, however the Play Store coverage to simply block any submissions on older API ranges prevents this.
Today’s restriction is a good instance: the Query_All_Packages permission was added in Android 11, so it solely applies to apps focusing on Android 11’s API stage, which is “API Level 30.” The Play Store’s restrictions, naturally, additionally solely apply to apps focusing on API stage 30 and up, which in all probability is not many apps proper now. Shortly after Android 11 is one 12 months previous, although (in November 2021), the Play Store will make API stage 30 the minimal API stage for updating apps, so the permission and the brand new restrictions will apply to each at present maintained app within the retailer.