New Play Store rules block most apps from scanning your entire app list – Ars Technica4 min read

https://arstechnica.com/gadgets/2021/04/new-play-store-rules-block-most-apps-from-scanning-your-entire-app-list/

Google has actually revealed another privacy restriction for Play Store apps. Starting this summer, Android 11s new Query_All_Packages authorization will be flagged as “delicate” on the Play Store, indicating Googles review procedure will restrict it to apps the business feels actually need it. Query_All_Packages lets an app read your entire app list, which can include all sorts of delicate information, like your dating preferences, banking details, password management, political affiliation, and more, so it makes good sense to lock it down.
On a support page, Google revealed, “Apps that have a core function to launch, search, or interoperate with other apps on the device may acquire scope-appropriate exposure to other installed apps on the device.” Google has another page that notes allowable use cases for Play Store apps querying your app list, including “device search, antivirus apps, file supervisors, and internet browsers.” The page includes that “apps that need to discover any and all installed apps on the gadget, for awareness or interoperability purposes might have eligibility for the consent.” For apps that have to interact with other apps, Google wants developers to use more scoped app-discovery APIs (for example, all apps that support x function) rather of just pulling the entire app list.
Theres likewise an exception for financial apps like banking apps and P2P wallets, which the page states “may obtain broad exposure into installed apps entirely for security-based purposes.” We presume this indicates scanning for root apps. The brand-new policy likewise specifies that” [a] pp stock data queried from Play-distributed apps may never ever be offered nor shared for analytics or ads monetization functions.” Our shop, our guidelines
Utilizing the Play Store as a developer control surface is a relatively new strategy for Google. Sure, Google has full control over the OS and can use that control to require privacy restrictions for all apps, however when you simply wish to impact some apps, pushing out a Play Store app evaluation restriction offers Google more fine-grained control over consent usage policies. The Play Store is the only universally default (except for China) Android app store, and its the main location a lot of people get apps, so Play Store rules let Google construct thicker walls around its walled garden while also offering designers a chance to argue for their private use cases. If end-users dont like the rules, they get a sideloading and alternative-app-store escape hatch, which you would not get with an OS-based approval restriction.
Advertisement

This app plan list constraint, the Play Store likewise flags numerous other APIs as “sensitive,” subjecting them to a more detailed evaluation and requiring private designers to justify their use. Apps utilizing the effective ease of access APIs, background location APIs, SMS and phone apps, and full file access APIs are all based on Googles private approval.
Other current Play Store constraints include a rolling minimum API-level policy that mandates brand-new and upgrading apps cant use an API level older than one year. The consents system just uses to apps targeting API level 23 (Android 6.0) and up– older apps have no authorization constraints.
Todays restriction is an excellent example: The Query_All_Packages consent was added in Android 11, so it only applies to apps targeting Android 11s API level, which is “API Level 30.” The Play Stores constraints, naturally, also just use to apps targeting API level 30 and up, which probably isnt numerous apps right now. Soon after Android 11 is one year old, though (in November 2021), the Play Store will make API level 30 the minimum API level for upgrading apps, so the approval and the new limitations will apply to every presently preserved app in the shop.

For apps that have to interact with other apps, Google wants designers to use more scoped app-discovery APIs (for circumstances, all apps that support x feature) rather of just pulling the entire app list.
The Play Store is the only widely default (except for China) Android app store, and its the main location most people get apps, so Play Store guidelines let Google construct thicker walls around its walled garden while also giving designers an opportunity to argue for their specific use cases. The authorizations system just applies to apps targeting API level 23 (Android 6.0) and up– older apps have no consent constraints. The Play Stores limitations, naturally, likewise only use to apps targeting API level 30 and up, which probably isnt many apps right now. Shortly after Android 11 is one year old, though (in November 2021), the Play Store will make API level 30 the minimum API level for updating apps, so the consent and the brand-new restrictions will apply to every presently kept app in the shop.

Leave a Reply

Your email address will not be published. Required fields are marked *