Google is making some new changes to the developer’s application policies that will make it harder for apps to see which other apps are installed on your Android device. Google says that they consider the complete list of apps installed on a user’s device to be personal and sensitive information, and as such it will limit which apps can access this information. In particular, Google will restrict which apps can request the QUERY_ALL_PACKAGES permission currently required for API level-targeted apps (Android 11) and above, which will query the list of apps installed on the user’s device running Android 11 or later .
Going forward, using the QUERY_ALL_PACKAGES permission will only be allowed when the core functionality of the app depends on querying the installed apps. Developers must “adequately justify why a less intrusive method of app visibility does not adequately enable the app̵
Google outlines the permitted use of the QUERY_ALL_PACKAGES permission as follows:
Permitted use involves apps that must detect all apps installed on the device, for awareness or interoperability purposes may be entitled to the permission. Permitted use includes; device searches, antivirus apps, file administrators and browsers.
If an app does not meet the requirements set forth above, the developer must remove the permission from the app manifest to comply with the Play Policy. Even if an app meets the requirements for using the QUERY_ALL_PACKAGES permission, the developer must still sign a declaration form in the Play Console. Google warns that failure to submit the declaration form or fail to meet the policy requirements may result in your app being removed from the Google Play Store. This new change will take effect on May 5, 2021. It is worth noting that as of November 2021, all new apps and app updates sent to Google Play will be required to target Android 11 or later, which strengthens its enforcement new policy.
This is a welcome change that will make it harder for apps to spy on which apps you are using on your device. Knowing which apps are installed on your device can be used as part of targeted ads or for malicious purposes.
It is worth noting that Google already requires apps that request SMS or call log permissions to sign a declaration form before they can be published on Google Play. Restricting app package visibility is just the next step in Google restricting access permissions in an effort to preserve users’ privacy.
Thanks to XDA Recognized Developer M66B for the tip!