
There are plenty of legitimate use cases listed under section 4.5.

I'm sure there is some scumbag adtech SDK out there profiling people based on their installed apps, but I think that most uses of these APIs would turn out to be innocuous on a closer look.

For instance, I've worked on apps that check if another app from the same company is installed, so that they can integrate together. Think Facebook and Messenger: two separate apps.

It seems that this sort of innocent check would turn out in this study as a "call accessing package names". Sounds ominous at first, but I'm just asking for one package X, not scraping all your installed apps to sell you something.

Anyway, this is all being locked down in Android 11 [1]. Many of these use cases are being addressed with a more secure API, but I hope there are no apps left behind.

[1] https://developer.android.com/preview/privacy/package-visibi...
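The difference between asking about one package and seeing every installed app shows up in an app's manifest under the Android 11 package-visibility rules. The following is an added example, not part of the thread: a small auditor that classifies a manifest by how much of the installed-app list it requests. It assumes the `<queries>` element and the `android.permission.QUERY_ALL_PACKAGES` permission; the `com.example.*` manifests are constructed samples, and treating a `MAIN` intent query as broad is a heuristic of this example.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
QUERY_ALL = "android.permission.QUERY_ALL_PACKAGES"
NS_DECL = 'xmlns:android="http://schemas.android.com/apk/res/android"'

def audit_package_visibility(manifest_xml):
    """Classify how much of the installed-app list a manifest asks to see."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID + "name") for p in root.findall("uses-permission")}
    packages, actions = [], []
    for q in root.findall("queries"):
        # <package> entries name exactly one app each: a targeted lookup.
        packages += [p.get(ANDROID + "name") for p in q.findall("package")]
        # <intent> entries match every app that handles the intent.
        for intent in q.findall("intent"):
            actions += [a.get(ANDROID + "name") for a in intent.findall("action")]
    query_all = QUERY_ALL in perms
    # Heuristic (assumption of this example): querying the MAIN action
    # matches nearly every launchable app, so treat it as broad visibility.
    launcher_probe = "android.intent.action.MAIN" in actions
    if query_all or launcher_probe:
        verdict = "broad"
    elif packages or actions:
        verdict = "targeted"
    else:
        verdict = "default"  # only the automatically visible apps
    return {"verdict": verdict, "packages": sorted(packages),
            "query_all": query_all}

# Constructed sample: companion-app check for a single named package.
COMPANION = f"""<manifest {NS_DECL} package="com.example.social">
  <queries><package android:name="com.example.messenger"/></queries>
</manifest>"""

# Constructed sample: requests visibility of every installed app.
BROAD = f"""<manifest {NS_DECL} package="com.example.adsdkhost">
  <uses-permission android:name="{QUERY_ALL}"/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("companion", COMPANION), ("broad", BROAD)):
        print(name, audit_package_visibility(xml))
```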




> Think Facebook and Messenger: two separate apps.

Of course, apps from the same developer should have access to alternative ways to share state.


Wait, is this sarcasm or not? If not, bypassing malware filters by spreading the parts over multiple apps with 'friendship' access rights to each other sounds like return-oriented programming with extra steps.


The number of "gadgets" in this case is very small, and most protections should work at the developer ID level anyways.



