Google will soon make it harder for third-party apps to see what other apps are installed on a user’s Android device, a policy change that evokes similar privacy protections Apple introduced in iOS 9, way back in 2015.
According to XDA-Developers, upcoming amendments to Google’s Developer Program Policy will limit which apps can access an Android user’s full list of installed apps. As noted by Ars Technica, such lists can provide developers with various private habits like dating preferences, banking information, and political affiliations.
Specifically, any Android 11 app that requests the “QUERY_ALL_PACKAGES” permission can see the full list of apps stored on a user’s device. Google says it now regards this data as “personal and sensitive user data.” Therefore, starting May 5, Google’s app review process will restrict access to the permission to apps that the company believes really need it.
Once the change goes live, apps can only make use of the permission if “core user facing functionality or purpose, requires broad visibility into installed apps on the user’s device.” Google’s list of permitted apps mentions file managers, antivirus apps, and banking apps, including other apps that involve financial transactions.
If an app doesn’t meet these requirements, the developer must remove the permission from the app’s manifest to comply with the policy, or risk their app being removed from the Google Play Store. If a developer believes their app justifies access, they will have to complete a declaration form explaining why.
Apple made a similar change to its mobile operating system in 2015 to prevent advertisers from accessing app download data, which left third-party apps unable to see all of the apps downloaded on a user’s device. Prior to iOS 9, apps like Twitter and Facebook had been misusing a communication API to access the user app download data for ad targeting purposes.
However, Google is only just getting round to introducing a similar privacy restriction on its Play Store, as the company tries to balance the rising demands of privacy-conscious consumers with the financial needs of developers and advertisers.
The search giant has reportedly been discussing internally how it can limit data collection and cross-app tracking on the Android platform in a way that is less stringent than Apple’s upcoming App Tracking Transparency feature (ATT), in order to protect its $100 billion annual digital ad sales.
Starting in iOS 14.5, ATT will require apps to get opt-in permission from users to collect their random advertising identifier, which advertisers use to deliver personalized ads and track how effective their campaigns were.
Apple’s App Store rules say that app developers cannot collect data from a device for the purpose of identifying it, and developers are responsible for all tracking code in their apps, including any third-party SDKs they’re using. Google has already warned iPhone developers that rely on Google ads that Apple’s ad-tracking update may mean they’ll see a “significant impact” on their ad revenue.
Recently, Google has itself been on the wrong end of a digital privacy issue related to Apple’s App Store, after it was perceived to be dragging its feet in adding App Privacy labels to its iOS apps in accordance with Apple’s rules.
Apple has been enforcing App Privacy labels since December, but many of Google’s major apps did not start getting privacy labels until late in February. Google delayed adding the labels for so long that its apps went more than two months without being updated, leading some to claim that it “wanted to hide” the information that it collects.