Google has announced an update to its Developer Program Policy that will help to prevent applications from viewing which other apps are installed on an Android device. The company states that they consider installed apps to be private user information and therefore, aim to protect Android users by keeping this data secure.
That is to say, Google will limit which apps can request the QUERY_ALL_PACKAGES permission, presently mandatory for application targeting API level 30 (Android 11) and above that wish to query the list of application a user has installed for an Android 11 or later device.
From now on, the QUERY_ALL_PACKAGES permission will only be available when the core functionality of an app in question must query any of the device’s installed applications. Therefore, in order to dispute this new policy, developers will have to provide reasonable evidence for how querying the API of an Android device’s installed applications is absolutely necessary in order for that device to properly function.
Google describes the QUERY_ALL_PACKAGES permission as allowing any apps that require access to the installed apps list in order to remain aware and interoperable during use. Such a requirement would be relevant for antivirus apps, browsers, device search, and file managers.
If an app doesn’t meet the aforementioned eligibility points, the Play Policy dictates that the developer must remove the application. In fact, even when an app does meet the package’s requirement, the developer must still sign a declaration form in the Play Console. Failing to sign this form could result in the app being removed from the Google Play Store.
This update will go into effect on May 5 of 2021, and as of November of 2021, all apps submitted to the Google Play Store must target Android 11 or higher. The policy ultimately seeks to safeguard users against any malicious advertising or other such activity that may happen when an external entity can view apps installed on a device. In fact, a similar and longer-standing developer policy had a similar goal of enabling the user to opt-out of applications such as Facebook interacting with apps installed on their mobile device.
All of that said, for its part, Google has already required for some time that the developers of apps requiring a device’s SMS or Call Log permissions sign a declaration form before publication on Google Play. Now, this next step promises to enhance user privacy even further.