This has been going on for years, Google knows about it, and intentionally leaves it unfixed.
> Out of 47 Indian apps I randomly analyzed, 31 of them used the "ACTION_MAIN" filter - giving them access to see all the apps on your phone without any disclosure. That's 2 out of 3 apps.
Of course there's hundreds of other variants of malware, this is just one of the most prevalent.
No they don't? The whole article is about the fact that they're using a loophole. I just checked Zomato's Play Store page, it doesn't say it collects "other installed apps", which is what it should be saying. For example, one of the other listed apps does have this. That's what it should be listing: "Installed apps".
I'm sorry, I gave you too much credit. Is your argument that the "ACTION_MAIN" intent filter somehow gives you access to all installed apps? Do you have any reasoning or Google API documentation to support this?
This has been going on for years, Google knows about it, and intentionally leaves it unfixed.
> Out of 47 Indian apps I randomly analyzed, 31 of them used the "ACTION_MAIN" filter - giving them access to see all the apps on your phone without any disclosure. That's 2 out of 3 apps.
Of course there's hundreds of other variants of malware, this is just one of the most prevalent.