Google has announced another privacy restriction for Play Store apps. Starting this summer, Android 11’s new Query_All_Packages permission will be marked “sensitive” on the Play Store, meaning Google’s review process will limit it to apps the company thinks they actually need. Query_All_Packages allows an app to read your entire app list, which can contain all sorts of sensitive information like your dating preferences, banking information, password manager, political affiliation, and more, so it makes sense to lock it down.
On a support page, Google announced, “Apps that have a core purpose of launching, searching, or interacting with other apps on the device can be given appropriate visibility to other apps installed on the device.” Google has another page of allowed use cases for Play Store apps that search your app list, including “device search, antivirus apps, file managers, and browsers.” The page adds that “apps that need to discover all apps installed on the device, for awareness or interoperability purposes, may be eligible for the permission.” For apps that need to interact with other apps, Google wants developers to use more app discovery APIs (for example, all apps that support the x function) instead of just pulling the entire app list.
There is also an exception for financial apps such as banking apps and P2P wallets, which can gain broad insight into installed apps, according to the page, “for security purposes only.” Let’s assume this means scanning for root apps. The new policy also states that “[a]pp inventory data requested from Play-distributed apps should never be sold or shared for analytics or ad monetization purposes.”
Our store, our rules
Using the Play Store as a developer control surface is a fairly new tactic for Google. Sure, Google has full control over the operating system and can use that control to enforce privacy restrictions on all apps, but when you just want to influence some apps, displacing a rating restriction on Play Store apps, gives Google more granular control over permissions usage policies. The Play Store is the only universally standard (except China) Android app store, and it’s the main place most people get apps, so Play Store rules let Google build thicker walls around its walled garden, while also giving developers the chance. to advocate for their individual use cases. If end users don’t like the rules, they get a sideloading escape hatch and alternative app store, which you wouldn’t get with an OS-based permission restriction.
In addition to this limitation of the app package list, the Play Store also marks several other APIs as “sensitive,” prompting a closer look at them and requiring individual developers to justify their use. Apps that use the powerful accessibility APIs, background location APIs, SMS and phone apps, and full file access APIs are all subject to Google’s individual approval.
Other current Play Store restrictions include an ongoing minimum API level policy that requires new and updated apps not to use an API level older than one year. API levels are the primary way Android manages backward compatibility. New restrictions and features for each version of Android generally only apply to apps targeting that API level, so nothing will break. For example, the permission system only applies to apps targeting API level 23 (Android 6.0) and above. Older apps don’t have permission restrictions. When used maliciously, you can target an old API level to submit an app with more system access, but the Play Store policy to block submissions at older API levels prevents this.
Today’s limitation is a good example: the Query_All_Packages permission was added in Android 11, so it only applies to apps targeting the Android 11 API level, which is “API level 30”. Of course, the Play Store restrictions only apply to apps targeting API level 30 and above, which probably aren’t many apps at this point. However, shortly after Android 11 is a year old (in November 2021), the Play Store API level 30 will make it the minimum API level for updating apps, so the permission and the new restrictions will apply to any currently maintained app in the shop.