
How Android developers access installed apps on user’s device [pdf] - Fragoel2
http://www.ivanomalavolta.com/files/papers/MOBILESoft_iam_2020.pdf
======
scarface74
iOS had a similar leak that was exploited by apps like Twitter.

[https://www.techspot.com/news/58991-twitter-track-list-apps-...](https://www.techspot.com/news/58991-twitter-track-list-apps-installed-mobile-device.html)

It used the “canOpenURL” method if I recall correctly.

Apple locked this down less than a year later in iOS 10 where an app has to
explicitly list which URLs can be tested this way and there is a hard limit.
Of course this goes through app review.

------
richardwhiuk
Previously in Android app development, the application sandbox has been
sufficiently leaky that if a user has another app installed, it can cause
problems for the app being developed.

It's useful to be able to warn users that they've got an app installed that
will conflict in this way, and suggest an upgrade/uninstall/warn them of poor
behaviour.

~~~
Dahoon
It is useful yes, but so is massive surveillance. That doesn't make it a good
thing.

------
yellow_lead
If I wanted to do similar research to this, can anyone share a good method for
obtaining a large corpus of apps like these researchers presumably did?

EDIT: Should've read the paper first, looks like they used this
[https://androzoo.uni.lu/](https://androzoo.uni.lu/)

------
dserodio
I'd love to read a condensed version

~~~
jascii
Installed apps list is available through IAMS API. Devs use this to profile
users.

~~~
kyleee
Interesting, what are the legit (if any) reasons this info is exposed via that
API/endpoint?

~~~
veeti
There are plenty of legitimate use cases listed under section 4.5.

I'm sure there is some scumbag adtech SDK out there profiling people based on
their installed apps, but I think that most uses of these APIs would turn out
to be innocuous on a closer look.

For instance, I've worked on apps that check if another app from the same
company is installed, so that they can integrate together. Think Facebook and
Messenger: two separate apps.

It seems that this sort of innocent check would turn out in this study as a
"call accessing package names". Sounds ominous at first, but I'm just asking
for one package X, not scraping all your installed apps to sell you something.

Anyway, this is all being locked down in Android 11 [1]. Many of these use
cases are being addressed with a more secure API, but I hope there are no apps
left behind.

[1] [https://developer.android.com/preview/privacy/package-visibi...](https://developer.android.com/preview/privacy/package-visibility)
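
Added example, not part of the comment above or of the paper: a small audit helper that separates the "just asking for one package X" case from list-wide access under the Android 11 package-visibility model, by reading a manifest already decoded to text XML. The sample manifests, package names and the three scope labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NAME = "{http://schemas.android.com/apk/res/android}name"
QUERY_ALL = "android.permission.QUERY_ALL_PACKAGES"

def package_visibility(manifest_xml: str) -> dict:
    """Classify how much of the installed-app list a manifest asks to see."""
    # ElementTree is fine for manifests you decoded yourself; use a hardened
    # parser for XML taken from untrusted APKs.
    root = ET.fromstring(manifest_xml.strip())
    perms = {e.get(NAME) for e in root.iter("uses-permission")}
    packages, intent_queries = [], 0
    for q in root.findall("queries"):  # <queries> sits directly under <manifest>
        packages += [p.get(NAME) for p in q.findall("package") if p.get(NAME)]
        intent_queries += len(q.findall("intent"))
    if QUERY_ALL in perms:
        scope = "all-packages"      # may enumerate every installed app
    elif packages or intent_queries:
        scope = "declared-subset"   # only the apps named or matched by an intent
    else:
        scope = "default-filtered"  # no extra visibility requested
    return {"scope": scope, "packages": sorted(packages),
            "intent_queries": intent_queries}

# Constructed sample manifests (package names are made up).
TARGETED = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.main">
  <queries>
    <package android:name="com.example.messenger" />
  </queries>
</manifest>
"""
BROAD = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.adsdkhost">
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES" />
</manifest>
"""
MINIMAL = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.plain" />
"""

if __name__ == "__main__":
    for label, text in (("targeted", TARGETED), ("broad", BROAD), ("minimal", MINIMAL)):
        print(label, package_visibility(text))
```
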

~~~
saagarjha
> Think Facebook and Messenger: two separate apps.

Of course, apps from the same developer should have access to alternative ways
to share state.

~~~
dejj
Wait, is this sarcasm or not? If not, bypassing malware filters by spreading
the parts over multiple apps with 'friendship' access rights to each other
sounds like return-oriented programming with extra steps.

~~~
saagarjha
The number of "gadgets" in this case is very small, and most protections
should work at the developer ID level anyways.

