• kipo@lemm.ee · ↑27 · 3 months ago

      What do you mean? The article is talking about current versions of Android.

      • AmbiguousProps@lemmy.today · ↑21 ↓2 · edited · 3 months ago

        So the first line says that it’s for older versions of Android before 2022. But the next paragraph says:

        > For extremely specific use cases such as file managers, browsers or antivirus apps, Google grants an exception by allowing QUERY_ALL_PACKAGES permission, which provides full visibility into installed apps.

        So this may still be possible; however, sandboxing, especially GrapheneOS’ implementation, likely mostly, if not entirely, reduces this risk.

        • kipo@lemm.ee · ↑14 · 3 months ago

          > So this may still be possible

          This article seems to be saying that it’s not only possible, it’s being actively (and I would assume widely) exploited on current versions of Android. Google is supposed to catch any abuses of listed exceptions, but they are either missing a bunch or letting them intentionally slide through. Either way, apps being able to see other apps is a big security risk that IMO only the user should be able to explicitly allow, and on a case-by-case basis.

        • kipo@lemm.ee · ↑9 ↓1 · 3 months ago

          Yeah, meaning all newer phones past Android 11 shouldn’t have this issue, but they do because of a workaround by shady companies that Google is either not aware of or not addressing. This issue isn’t limited to older phones – quite the opposite.

          • AmbiguousProps@lemmy.today · ↑1 ↓2 · 3 months ago

            Apologies, I deleted my comment instead of editing it, but I meant to add that even with the shady workaround, if you have sandboxing it likely greatly reduces this risk.

            Be very wary of what apps you install, and in fact, try to only use FOSS.

    • DaGeek247@fedia.io · ↑10 · 3 months ago

      The second half of the article talks about how the apps get around this permission requirement.

  • Nate@programming.dev · ↑24 · 3 months ago

    Seeing people say “GrapheneOS fixes this!” “It’s only on old versions of Android!”

    Device Info HW app that can read my applications

    Permissions requested (viewed in Google Play, lack of any "read applications" permission)

    Permissions granted in settings app, still lacking any "read applications" permission

    This is on a Pixel 8 Pro with the latest version of GrapheneOS. This is an issue and has been for a long time. Many apps detect root by looking for the Magisk package using this method, and many collect this information just for advertising (go ahead, export your Snapchat data).
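
    Added example, not part of the thread or the linked article: a Python audit of a decoded `AndroidManifest.xml` that shows why an app can enumerate installed packages with nothing listed under its permissions. It relies on Android's documented `<queries>` manifest element; the decoded-manifest input, the sample manifest, the package names and the function name are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
# An intent query on ACTION_MAIN matches almost every installed app that has
# an activity, so it behaves like a list-everything grant with no permission.
BROAD_ACTIONS = {"android.intent.action.MAIN"}

# Constructed sample manifest (hypothetical app, not a real package).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.deviceinfo">
  <uses-permission android:name="android.permission.INTERNET"/>
  <queries>
    <package android:name="com.example.partner"/>
    <intent>
      <action android:name="android.intent.action.MAIN"/>
    </intent>
  </queries>
</manifest>"""


def audit_package_visibility(manifest_xml):
    """Return (kind, value) findings describing how the app can see other apps."""
    root = ET.fromstring(manifest_xml)
    findings = []
    # The explicit, Play-reviewed route: the QUERY_ALL_PACKAGES permission.
    for perm in root.iter("uses-permission"):
        if perm.get(NAME) == "android.permission.QUERY_ALL_PACKAGES":
            findings.append(("permission", "QUERY_ALL_PACKAGES"))
    # The manifest-only route: <queries> entries never appear as permissions.
    for queries in root.findall("queries"):
        for pkg in queries.findall("package"):
            findings.append(("named-package", pkg.get(NAME)))
        for intent in queries.findall("intent"):
            for action in intent.findall("action"):
                value = action.get(NAME)
                kind = "broad-intent" if value in BROAD_ACTIONS else "intent"
                findings.append((kind, value))
    return findings


if __name__ == "__main__":
    for kind, value in audit_package_visibility(SAMPLE_MANIFEST):
        print(f"{kind:14} {value}")
```

    A `broad-intent` finding with no `permission` finding is the pattern to look for when an app lists installed packages but shows no related permission in Google Play or in Settings.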

  • kipo@lemm.ee · ↑18 · 3 months ago

    Well, that was a horrifying read. Is there any software that can protect against this? GrapheneOS? LineageOS? A Magisk module?

    • Kairos@lemmy.today · ↑3 · edited · 3 months ago

      Separate profiles, although Graphene is supposedly working on it, last I heard.

  • IllNess@infosec.pub · ↑4 · 3 months ago

    I know this happened a few years ago but would having a separate work profile through Shelter, Island, or Insular limit the app to only see those on the profile?