Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Removal of QUERY_ALL_PACKAGES From Danger List #37

Closed
MichaelDevon opened this issue May 15, 2024 · 1 comment
Closed

Removal of QUERY_ALL_PACKAGES From Danger List #37

MichaelDevon opened this issue May 15, 2024 · 1 comment

Comments

@MichaelDevon
Copy link

MichaelDevon commented May 15, 2024
edited
Loading

Apps can very easily get the full app list of users without this permission. I may be missing the reason why its considered sensitive if it can be bypassed in a trivial manner.
@lberrymage lberrymage transferred this issue from accrescent/website Oct 15, 2024
@lberrymage
Copy link
Member

I don't remember the details, but QUERY_ALL_PACKAGES does grant additional access beyond what's available through a wildcard intent filter. Some platform APIs require it. Additionally, while wildcard intent filters can be used for much of the functionality of QUERY_ALL_PACKAGES, these too can be audited through the manifest if we ever decide to, and we want to maintain enforcing security guarantees at least as strict as Google Play, which checks QUERY_ALL_PACKAGES.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lberrymage @MichaelDevon