Every Android release has seen a refinement of what was once an overly broad app permissions system. Today, users can grant or deny permissions on a case-to-case basis and developers are required to be more upfront about the permissions they need and why they need them. There are still some cases, however, where even the fine-grained permissions can be abused, forcing Google to tighten the noose. One such case is the ability to see what apps are installed on a phone, and starting next month, Google will start culling apps that don’t have any business doing that.
Many people install apps without a second thought, sometimes even too carelessly, but the list of apps you accumulate isn’t exactly the innocent and innocuous thing many may presume it to be. Google Play sees this information as personal and sensitive as it can reflect a particular person’s preferences. And, as always, that information can be used for advertising or even spying purposes.
As such, Google will be limiting which apps can use its mighty QUERY_ALL_PACKAGES permission only to a subset of apps that have a core purpose of searching for all apps installed on a device. Google defines “core functionality” as being the main purpose of the app without which it becomes pretty useless. Those include device search apps, file managers, and web browsers.
Google does say it may grant temporary exceptions if the app can justify the need for that QUERY_ALL_PACKAGES permission. It cites financial or banking apps as an example since those might need to know all the apps installed on a device for security purposes, like checking if known malicious apps are present. Apps that use that data for advertising are, of course, a big no-no.
Previously intended to take effect earlier this year, Google has pushed the implementation of the new policy to May 5, 2021. This change, however, only affects apps that specifically target Android 11 or later (API 30 or higher). Like with every major change to its permissions system, this could also inadvertently affect some corner cases, like Tasker or power user apps, and it remains to be seen which will be the casualties this time around.