|
|
|
|
|
|
by fuomag9
1022 days ago
|
|
|
How did they even get the android.permission.INSTALL_PACKAGES permission approved on the play store? Google clearly states that: To use this permission, your app’s core functionality must include: Sending or receiving app packages, AND
Enabling user-initiated installation of app packages.
If your app does not meet the requirements for acceptable use below, you must remove it from your app's manifest in order to comply with Google Play policy. Suggestions for policy-compliant alternative implementations are also detailed below. Which surely doesn’t seem the case for a shopping app? |
|
|
> 2) We find the android.permission entries referenced in the proprietary parts of the decompiled source code, excluding occurrences in widely used and secure standard libraries by Android, Google, Facebook, PayPal and Klarna. Why would the proprietary source code reference these permissions, if it doesn’t have the option to use them in specific scenarios? Most importantly, many of these permissions in TEMU’s source code are not listed in their Android Manifest file, which is the standardized overview source for an app. For scrutinizing permission, the Android Manifest file is the first source to check permissions. Not mentioned in the Android manifest are the permission requests for CAMERA, RECORD_AUDIO, WRITE_EXTERNAL_STORAGE, INSTALL_PACKAGES, and ACCESS_FINE_LOCATION. It is not a coincidence that these permissions are the most intrusive ones when it comes to spying potential. For comparison, all the other apps listed in the cohort table enumerate all of these permissions in their Android Manifest, if they use them at all. The only exception is ACCESS_FINE_LOCATION by TikTok.
That's... not as strong of a link as I hoped this article would make.
So the code has references to INSTALL_PACKAGES. But doesn't seem to request it yet? Am I getting the argument from this post correctly?