Google has announced another privacy restriction for Play Store apps. Starting this summer, Android 11’s new Query_All_Packages permission will be flagged as “sensitive” on the Play Store, meaning Google’s review process will restrict it to apps the company feels really need it. Query_All_Packages lets an app read your entire app list, which can contain all sorts of sensitive information, like your dating preferences, banking information, password management, political affiliation, and more, so it makes sense to lock it down.
On a support page, Google announced, “Apps that have a core purpose to launch, search, or interoperate with other apps on the device may obtain scope-appropriate visibility to other installed apps on the device.” Google has another page that lists allowable use cases for Play Store apps querying your app list, including “device search, antivirus apps, file managers, and browsers.” The page adds that “apps that must discover any and all installed apps on the device, for awareness or interoperability purposes may have eligibility for the permission.” For apps that have to interact with other apps, Google wants developers to use more scoped app-discovery APIs (for instance, all apps that support x feature) instead of just pulling the entire app list.
There’s also an exception for financial apps like banking apps and P2P wallets, which the page says “may obtain broad visibility into installed apps solely for security-based purposes.” We assume this means scanning for root apps. The new policy also states that “[a]pp inventory data queried from Play-distributed apps may never be sold nor shared for analytics or ads monetization purposes.”