Comment by JohnFen
2 months ago
That's pretty cool, but the article says that most apps that are doing this sort of thing aren't using the query all packages permission and instead are using the facility to provide a specific list of apps they're checking for, which is not permission-gated.
It is. It specifically says that the apps must be declared in the manifest like other permissions. So it's a specific permission for each app really. F-Droid could query that if it wants to (not sure if it does)
Did you stop reading before the post got to the MAIN loophole that doesn't require the list of apps in the manifest? How does F-droid describe MAIN?
Yeah I did as the article was a bit long. But I'm sure this is detectable too as it must be in the manifest.
1 reply →