Last week, Google announced several updates of its Developer Program Policy that concerned Play Store apps. Among them, perhaps the most interesting change concerns a restriction that limits some developers from seeing which Android apps are installed on your device. The type of installed apps a user has on their device can transmit important personal information to the developers, such as political views or even dating preferences.
So by limiting the apps that can use the “QUERY_ALL_PACKAGES” permission – one that “gives visibility into the inventory of installed apps on a given device” – Google made a point to visibly reinforce its stance on information that contains “personal and sensitive user data” and only allow this permission to be used by apps whose “core user-facing functionality or purpose, requires broad visibility into installed apps on the user’s device.”
A focus on personal and sensitive user data
The update is scheduled to come into effect today, with some temporary exceptions. Banking apps and digital wallets as well as other apps that involve “financial transaction functionality” or “obtain broad visibility into installed apps solely for security based purposes” will be exempt.
Device search, antivirus, browsers, or file managers will also be able to use the permission. On the other hand, other apps will have to “sufficiently justify why a less intrusive method of app visibility will not sufficiently enable your app’s policy-compliant user-facing core functionality.” This way, the developers that will not provide valid reasons, might have their apps removed from the Google Play Store. This can be done by completing a declaration form where they will have to present their case.
Google is limiting what apps can see on your device
Any misuse will bring along the suspension of the offending app or even the termination of the account belonging to the developer, without any leniency even if they happen to be newly added to the Play Store or just an update to an already existing app.
“Apps that fail to meet policy requirements or do not submit a Declaration Form may be removed from Google Play,” Google wrote. “Important: If you change how your app uses these restricted permissions, you must revise your declaration with updated and accurate information. “Deceptive and non-declared uses of these permissions may result in a suspension of your app and/or termination of your developer account”.
The policy modification, which was delayed because of the covid-19 pandemic, will apply to apps that target the application programming interface (API) level 30 on devices running Android 11 or a newer version. Starting from 31 March, all new and existing apps will have a period of at least 30 days to comply with the new changes.