Google has announced an update to its developer program policy that will help prevent apps from seeing what other apps are installed on an Android device. The company claims that it treats apps that are set as the user’s private information and therefore aims to protect Android users by keeping this data secure.
QUERY_ALL_PACKAGES permissions, currently required for applications targeting API level 30 (Android 11) and above that want to query the list of user-installed applications for Android 11 or later.
QUERY_ALL_PACKAGES permissions will now only be available when the core functionality of the app in question needs to query one of the device’s installed applications. Therefore, to challenge this new policy, developers will need to provide reasonable evidence that it is essential to question the API of applications installed on Android devices in order for that device to function properly.
Google describes the QUERY_ALL_PACKAGES permissions as allowing all apps that need access to the list of installed apps to remain aware of interoperability when in use. This requirement would apply to anti-virus apps, browsers, device searches and file managers.
If an app does not meet the eligibility points above, the rules of the game require that the developer must delete the application. In fact, even when an app meets the package requirements, the developer still has to sign a declaration form in the Play Console. Failure to sign this form may result in the app being removed from Google Play Store
This update will take effect on May 5, 2021, and starting November 2021, all apps delivered to Google Play Store must target Android 11 or later. Ultimately, the policy seeks to protect consumers from any malicious advertising or other similar activity that may occur when an external entity can view the apps installed on a device. In fact, a similar and long-standing developer policy had a similar goal, which is to allow the user to disable apps like Facebook that interact with apps installed on their mobile device.
That said, for its part, Google has long asked app developers to request permission for an SMS or device call log to sign a declaration form before posting it to Google Play. Now, this next step promises to further improve consumer privacy.