Permission Granted? How Android’s App List Protection Fails in Practice

A substantial volume of private data resides on smartphones, necessitating robust operating system protections. The prevalence of advertising and tracking libraries has significant business for such personally identifiable information (PII), including the list of installed apps—a PII type (previously) often exploited by trackers and advertisers. Recent Android versions have sought to restrict access to such data, notably through the high-risk QUERY_ALL_PACKAGES permission, which is now tightly regulated through Google Play. However, our responsibly disclosed alternative method for querying installed apps intentionally remains unrestricted, undermining these protective measures. Our analysis of the top 2,000 Google Play apps reveals that already exploit this loophole to access the user’s installed app lists.