Interesting how Facebook & co declare queries to android.intent.action.MAIN to bypass restrictions on the QUERY_ALL_PACKAGE permission.
It allows them to get the list of all the apps installed on your system.
Source, interesting blog post on the subject: peabee.substack.com/p/everyone…
Out of curiosity, I've verified with a recent Facebook APK
Everyone knows all the apps on your phone
Until a few years ago, any app you installed on an Android device could see all other apps on your phone without your permission.peabee (Pea Bee)
S1m
Unknown parent • • •What fascinates me even more is how some self-declared infosec people are claiming this is totally fine to install these apps on their system because they are sandboxed.
We have shifted from if you need it, at least run it sandboxed to it's sandboxed so it can't do any harm.
And these people often end up saying that any critic against the GAFAM is purely ideological, without any root. Even if every 3 months they are caught bypassing yet another thing in place to spy even more on the users. (3 months ago was the localmess)
Covert Web-to-App Tracking via Localhost on Android
localmess.github.io