by dragontamer 1021 days ago
Hmmm.

> 2) We find the android.permission entries referenced in the proprietary parts of the decompiled source code, excluding occurrences in widely used and secure standard libraries by Android, Google, Facebook, PayPal and Klarna. Why would the proprietary source code reference these permissions, if it doesn’t have the option to use them in specific scenarios? Most importantly, many of these permissions in TEMU’s source code are not listed in their Android Manifest file, which is the standardized overview source for an app. For scrutinizing permission, the Android Manifest file is the first source to check permissions. Not mentioned in the Android manifest are the permission requests for CAMERA, RECORD_AUDIO, WRITE_EXTERNAL_STORAGE, INSTALL_PACKAGES, and ACCESS_FINE_LOCATION. It is not a coincidence that these permissions are the most intrusive ones when it comes to spying potential. For comparison, all the other apps listed in the cohort table enumerate all of these permissions in their Android Manifest, if they use them at all. The only exception is ACCESS_FINE_LOCATION by TikTok.

That's... not as strong of a link as I hoped this article would make.

So the code has references to INSTALL_PACKAGES. But doesn't seem to request it yet? Am I getting the argument from this post correctly?
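
The comparison the quoted passage describes (permission strings referenced in decompiled code versus permissions declared in the manifest), as an added example that is not part of the comment or the quoted article. The manifest, the source snippets, the package paths and the excluded library prefixes are all constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PERM_RE = re.compile(r"\bandroid\.permission\.([A-Z0-9_]+)\b")

# Constructed sample: a decoded AndroidManifest.xml (not from any real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.shop">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission-sdk-23 android:name="android.permission.POST_NOTIFICATIONS"/>
</manifest>"""

# Constructed sample: decompiled sources keyed by path.
SAMPLE_SOURCES = {
    "com/example/shop/Media.java": 'if (ctx.checkSelfPermission("android.permission.CAMERA") == 0) { open(); }',
    "com/example/shop/Net.java": 'String p = "android.permission.INTERNET";',
    "com/facebook/sdk/Loc.java": 'String p = "android.permission.ACCESS_FINE_LOCATION";',
}

# Assumed third-party library prefixes to skip, mirroring the article's exclusion step.
EXCLUDED_PREFIXES = ("com/facebook/", "com/google/", "androidx/")

def manifest_permissions(manifest_xml):
    """Return the android.permission.* names the manifest declares."""
    declared = set()
    for el in ET.fromstring(manifest_xml).iter():
        if el.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = el.get(ANDROID_NS + "name", "")
            if name.startswith("android.permission."):
                declared.add(name.rsplit(".", 1)[-1])
    return declared

def referenced_permissions(sources, excluded=EXCLUDED_PREFIXES):
    """Map each permission name found in non-excluded code to the files citing it."""
    refs = {}
    for path, text in sources.items():
        if path.startswith(excluded):
            continue
        for perm in PERM_RE.findall(text):
            refs.setdefault(perm, set()).add(path)
    return refs

def undeclared_references(manifest_xml, sources):
    """Permissions referenced in code but absent from the manifest."""
    declared = manifest_permissions(manifest_xml)
    refs = referenced_permissions(sources)
    return {p: sorted(paths) for p, paths in refs.items() if p not in declared}

if __name__ == "__main__":
    print(undeclared_references(SAMPLE_MANIFEST, SAMPLE_SOURCES))
```

A hit only shows that the permission string appears in the code; Android does not grant a permission that the installed app's manifest does not declare.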