Interesting how Facebook & co declare queries to android.intent.action.MAIN to bypass restrictions on the QUERY_ALL_PACKAGES permission.
It allows them to get the list of all the apps installed on your system.
Source, interesting blog post on the subject: peabee.substack.com/p/everyone…
Out of curiosity, I've verified with a recent Facebook APK.
Everyone knows all the apps on your phone
Until a few years ago, any app you installed on an Android device could see all other apps on your phone without your permission.
peabee (Pea Bee)
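A defender-side check for the declaration described in the post above, as an added example that is not part of the original thread: it scans a decoded AndroidManifest.xml (plain-text XML, for instance as produced by apktool) for the QUERY_ALL_PACKAGES permission and for `<queries>` intents on android.intent.action.MAIN. The function name, finding labels and both sample manifests are constructed for illustration, and treating a `<data>` child as sufficient narrowing is an assumption of this example.

```python
import xml.etree.ElementTree as ET

NAME = "{http://schemas.android.com/apk/res/android}name"
BROAD_ACTIONS = {"android.intent.action.MAIN"}  # the action named in the post

def audit_manifest(xml_text):
    """Return (kind, value) findings for app-enumeration declarations."""
    root = ET.fromstring(xml_text.strip())
    findings = []
    # The restricted permission itself.
    for perm in root.iter("uses-permission"):
        if perm.get(NAME) == "android.permission.QUERY_ALL_PACKAGES":
            findings.append(("permission", perm.get(NAME)))
    # <queries><intent> entries matching almost every installed app.
    for intent in root.findall("queries/intent"):
        actions = {a.get(NAME) for a in intent.findall("action")}
        # Assumption: a <data> child narrows the query enough to ignore it.
        if intent.find("data") is None:
            for action in sorted(actions & BROAD_ACTIONS):
                findings.append(("broad-intent-query", action))
    return findings

# Constructed sample: no restricted permission, but a catch-all MAIN query.
BROAD_SAMPLE = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.broad">
  <queries>
    <intent><action android:name="android.intent.action.MAIN"/></intent>
  </queries>
</manifest>"""

# Constructed sample: visibility limited to one package and https handlers.
NARROW_SAMPLE = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.narrow">
  <queries>
    <package android:name="com.example.partner"/>
    <intent>
      <action android:name="android.intent.action.VIEW"/>
      <data android:scheme="https"/>
    </intent>
  </queries>
</manifest>"""

if __name__ == "__main__":
    for label, sample in (("broad", BROAD_SAMPLE), ("narrow", NARROW_SAMPLE)):
        print(label, audit_manifest(sample))
```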
Daniel Gultsch
in reply to S1m
The fascinating bit isn't that this works or even that apps are doing that. The fascinating part is that people don't care.
It's well known and widely reported that Facebook tracks what porn an individual user watches in incognito mode through a VPN.
As a society we are just completely privacy agnostic.
S1m
in reply to Daniel Gultsch
What fascinates me even more is how some self-declared infosec people are claiming this is totally fine to install these apps on their system because they are sandboxed.
We have shifted from "if you need it, at least run it sandboxed" to "it's sandboxed so it can't do any harm".
And these people often end up saying that any criticism of the GAFAM is purely ideological, without any root. Even if every 3 months they are caught bypassing yet another thing in place to spy even more on the users. (3 months ago was the localmess)
Covert Web-to-App Tracking via Localhost on Android
localmess.github.io