When you install an application on your phone, it gets access to data on your phone. Some request extra access to the user, either manually or automatically, to work correctly. Until now, the command to access the installed list could be executed by any app that fits the requirements, but, in the future, it will be available only when the main functionality of the program is linked to another, as in the case of add-ons or utilities.
The idea is to prevent the leakage of this information, said to be “privileged” by the user, and its indiscriminate use by developers. There is a permission called QUERY_ALL_PACKAGES, which can be requested by API level 30 or higher, to consult a list of software installed on the device. Developers will need to provide Google with reasonable evidence to prove the need for this access. Anyone who fails to properly justify will have their app removed from the Play Store and may be penalized.
This permission is widely used by antivirus, browsers and file managers, but it can also be used by apps to send targeted or malicious advertising. If a chat app knows that the user uses your competitor, for example, it could send advertisements on third-party apps to convince them to switch. Banking software or digital wallets can also use this functionality to check that there is no malware running in the background, which could facilitate information theft.
Closing the siege of malicious advertising
As of November 2021, all new applications sent to the online store should be directed to Android 11 or higher. They may even be compatible with previous versions, but they must be built based on the latest system. The goal is to prevent malicious activity triggered by loopholes in older operating systems – many apps use vulnerabilities to steal data or infect devices.
Google has for some time required the signing of a declaration form before publication on Google Play by developers whose programs require access to SMS or call logging from a device. This makes them liable in case of misuse or leakage of personal information.
It is also possible to restrict the interaction of apps with Facebook or other social media platforms. In these cases, developers need to provide additional login options, such as the ability to create a profile on their own website.
Now, this new stage promises to increase even more the rigor with the privacy of the user. With the constant news of leaks and misuse of data, concern about the security of online information has grown.
What do you think of the measure? Do you agree with Google or do you think developers could be harmed? Comment.
Did you like this article?
Subscribe your email to Canaltech to receive daily updates with the latest news from the world of technology.
Get the latest news delivered to your inbox
Follow us on social media networks