this post was submitted on 01 Apr 2025
111 points (95.9% liked)

Technology

68244 readers
4239 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
111
Everyone knows all the apps on your phone - by peabee (peabee.substack.com)
submitted 2 days ago by effzehkoelle@feddit.org to c/technology@lemmy.world
23 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] AmbiguousProps@lemmy.today 22 points 2 days ago* (last edited 2 days ago) (2 children)

So the first line says that it's for older versions of android before 2022. But the next paragraph says:

For extremely specific use cases such as file managers, browsers or antivirus apps, Google grants an exception by allowing QUERY_ALL_PACKAGES permission, which provides full visibility into installed apps.

So this may still be possible, however sandboxing, especially GrapheneOS' implementation likely mostly, if not entirely reduce this risk.

[–] kipo@lemm.ee 17 points 2 days ago

So this may still be possible

This article seems to be saying that's it's not only possible, it's being actively (and I would assume widely) exploited on current versions of Android. Google is supposed to catch any abuses of listed exceptions, but they are either missing a bunch or letting them intentionally slide through. Either way, apps being able to see other apps is a big security risk that IMO only the user should be able to explicitly allow, and on a case-by-case basis.

[–] kipo@lemm.ee 9 points 2 days ago (1 children)

Yeah, meaning all newer phones past Android 11 shouldn't have this issue, but they do because of a workaround by shady companies that Google is either not aware of or not addressing. This issue isn't limited to older phones -- quite the opposite.

[–] AmbiguousProps@lemmy.today -1 points 2 days ago (1 children)

Apologies, I deleted my comment instead of editing it, but I meant to add that even with the shady workaround, if you have sandboxing it likely greatly reduces this risk.

Be very wary of what apps you install, and in fact, try to only use FOSS.

[–] KairuByte@lemmy.dbzer0.com 2 points 2 days ago (1 children)

People need to stop touting FOSS as more secure. More auditable, sure. But there are many, many examples of FOSS applications being insecure or abusive.

The bottom line is just “be wary of what apps you install period.”

[–] AmbiguousProps@lemmy.today 1 points 2 days ago

Sure, but I didn't mean to say that FOSS couldn't be insecure. Software itself can obviously be insecure, like we saw with xz. At least with FOSS though, it's more difficult for it to be hidden.