←back to thread

Everyone knows all the apps on your phone

(peabee.substack.com)
1192 points gniting | 6 comments | 29 Mar 25 21:26 UTC | HN request time: 1.198s | source | bottom
Show context
captn3m0 ◴[30 Mar 25 02:37 UTC] No.43520750[source]
The ACTION_MAIN loophole has been written about before: https://commonsware.com/blog/2020/04/05/android-r-package-vi...

Google refuses to patch this. I wonder what would happen if you submit it to the Android VDP as a permission bypass.

There’s also this SO question by the author about the bypass: https://stackoverflow.com/q/79527331

replies(5): >>43520922 #>>43521144 #>>43521275 #>>43522877 #>>43525081 #
1. izacus ◴[30 Mar 25 03:48 UTC] No.43521144[source]
What do you mean with "refused to patch this"? Google will reject any app publishing attempt that asks for that filter and isn't a launcher on Play store.
replies(3): >>43521267 #>>43521347 #>>43523028 #
2. jim201 ◴[30 Mar 25 04:11 UTC] No.43521267[source]
Author claims that this same hack is used widely, including by apps on the Play Store like Snapchat and Facebook.
3. whatevertrevor ◴[30 Mar 25 04:29 UTC] No.43521347[source]
How is that congruent with the article's claim that 31 out of 47 apps they tested had this filter?
replies(1): >>43521390 #
4. izacus ◴[30 Mar 25 04:37 UTC] No.43521390[source]
No idea, but we did have apps rejected because of similar permissions.
replies(1): >>43521629 #
5. cAtte_ ◴[30 Mar 25 05:37 UTC] No.43521629{3}[source]
"similar". so what you said isn't true then?
replies(1): >>43523158 #
6. Mindwipe ◴[30 Mar 25 10:33 UTC] No.43523028[source]
The HSBC bank app uses this and is in the Play Store.