←back to thread

Everyone knows all the apps on your phone

(peabee.substack.com)
1192 points gniting | 1 comments | 29 Mar 25 21:26 UTC | HN request time: 0s | source
Show context
captn3m0 ◴[30 Mar 25 02:37 UTC] No.43520750[source]
The ACTION_MAIN loophole has been written about before: https://commonsware.com/blog/2020/04/05/android-r-package-vi...

Google refuses to patch this. I wonder what would happen if you submit it to the Android VDP as a permission bypass.

There’s also this SO question by the author about the bypass: https://stackoverflow.com/q/79527331

replies(5): >>43520922 #>>43521144 #>>43521275 #>>43522877 #>>43525081 #
ErigmolCt ◴[30 Mar 25 09:56 UTC] No.43522877[source]
Submitting it to the Android VDP is a solid idea, though I wouldn't be surprised if it gets waved off as "working as intended."
replies(2): >>43523990 #>>43524000 #
gregw2 ◴[30 Mar 25 13:24 UTC] No.43524000[source]
The right ("as intended", in my view) functionality would be to support a manifest with, say, five apps, and if as a dev you wanted more youd apply to google for an exception (like aws limit increases) with a list of reasons for each app.
replies(1): >>43524375 #
1. TeMPOraL ◴[30 Mar 25 14:13 UTC] No.43524375[source]
I know people may not remember this, but Android was initially designed with interoperability in mind. It's sad to see both the system development and the community opinion to have turned against it so hard.