What does QUERY_ALL_PACKAGES permission do?

Question

Android R Preview 1 introduced a new permission called QUERY_ALL_PACKAGES. The documentation for the permission says the following:

Allows query of any normal app on the device, regardless of manifest declarations.

Has anyone worked out what this actually does?

I've tried running the following on the emulator image, and the permission had no effect on either of them:

packageManager.queryIntentActivities(intent, 0)
packageManager.getInstalledPackages(0)

can you please elabroate wheere you have put this Query and this of ACTION_CAPTURE, DO you have idea for SENDTO, SEND TO MULTIPLE? — PankajAndroid, Jan 12 '21 at 05:47
Yes, it really does not work, I'm also having problems with that. — AllanRibas, May 25 '22 at 05:44

score 29 · Answer 1 · answered Mar 08 '21 at 07:52

29

Even when permission QUERY_ALL_PACKAGES is added, you still need to add <queries> filter to your AndroidManifest.

E.g. for the launcher app it might be:

<permission android:name="android.permission.QUERY_ALL_PACKAGES" />

<queries>
    <intent>
        <action android:name="android.intent.action.MAIN" />
    </intent>
</queries>

answered Mar 08 '21 at 07:52

Flovettee

895
1
8
9

1

Docs about intent filters https://developer.android.com/training/basics/intents/package-visibility#intent-signature – Flovettee Mar 08 '21 at 07:58
Thanks, this is easier to follow than the accepted answer. If you add more detail about what the permission does and what you need to put in the `` element, then I'll make this the accepted answer. – Sam Mar 08 '21 at 09:28
We only need to query the packageName of the calling component through the Android PackageManager and not access the app itself. So for this also do we have to add the queries in the manifest? Thanks in advance. – sameer pradhan Apr 26 '21 at 10:52
8

I think you should be using instead of the way google uses https://android.googlesource.com/platform/packages/apps/Bluetooth/+/master/AndroidManifest.xml#76 means you are declaring / overriding a new permisison and may cause an installation error with DUPLCAITE_PERMISSION on devices lower than Android11 if other apps put this same permssion. implies you are using a predefined system permission – Nilesh Pawar Oct 28 '21 at 06:31
4

you should use `` instead of ``, which means you are requesting that permission while the latter means you are defining the permission (as of android S, this permission is not discouraged) – Minami Apr 15 '22 at 10:21
I'm targeting Android 11 and i used these permission in Android manifest file `` and ` `. But my app gets rejected again and again. Please help to solve. – Sharath B Naik Jul 13 '22 at 14:11
"Even when permission QUERY_ALL_PACKAGES is added, you still need to add filter to your AndroidManifest." - This is not true. It only seems this way because you have used `permission` instead of `uses-permission`. – BLuFeNiX Mar 02 '23 at 23:05

score 11 · Accepted Answer · answered Mar 19 '20 at 23:39

11

They cover this more now that DP2 is out.

Quoting myself:

While I haven't tested this aspect of R DP2 yet, it appears that your app now can't find out what other apps are installed, on a general basis. The cited example is queryIntentActivities(), but to make this really work you would need to seriously lobotomize PackageManager. You can whitelist certain packages and certain <intent-filter> structures to try to get by this for certain use cases. And, this is where the mysterious QUERY_ALL_PACKAGES permission seen in DP1 comes into play — this permission removes these new restrictions. Given the "look for Google Play to provide guidelines for apps that need this permission" caveat, it is safest to assume that if you try using it, eventually you will be banned from the Play Store by a bot.

So, you might want to re-try your experiments on DP2. I plan to do the same in the coming weeks.

answered Mar 19 '20 at 23:39

CommonsWare

986,068
189
2,389
2,491

1

Thanks! I've accepted this answer since it links to the official documentation, which had enough info for me to get it working. After updating to DP2, my calls to `queryIntentActivities()` only returned a few apps. I added the `` element to the manifest to declare the intents that I was passing to `queryIntentActivities()`, and then `queryIntentActivities()` started returning all the relevant apps again. – Sam Mar 21 '20 at 00:16
2

I'm curious about something. On applications that require all apps listing (such as a home launcher app, or a utility app that does stuff to other apps depending on user's input) is adding the permission considered dangerous? Or, does this affect the call `PackageManager.getInstalledApplications()` ? If it does affect, what should we do to fetch installed applications without adding the permission then? – Furkan Yurdakul Apr 01 '20 at 11:47
1

@FurkanYurdakul: They have language in the docs that suggests that requesting `QUERY_ALL_PACKAGES` will need to be approved (probably via a form) to be able to distribute your app on the Play Store. Launchers should have few(er) problems, as you can use the `` element to whitelist the ability to query for `HOME`/`LAUNCHER` activities. I have not done a complete test for what is and is not affected in `PackageManager`, but my guess is that `getInstalledApplications()` will be affected. – CommonsWare Apr 01 '20 at 11:59
@Sam even I also checked on Android 11 beta, still, all packages list is coming from above APIs. Didn't see any impact as mentioned in the android 11 change doc. – Vikram Jun 23 '20 at 10:05
@El., I haven't tested this since the beta, but I wonder if the changes only apply if you change your app's target version to `30`? – Sam Jun 23 '20 at 10:18
1

Yes, I had checked with target 30 only. No impact at all. – Vikram Jun 23 '20 at 12:38
@CommonsWare Sam can you please elabroate wheere you have put this Query and this of ACTION_CAPTURE, DO you have idea for SENDTO, SEND MULTIPLE? i trying to fetch email app where i need to send email – PankajAndroid Jan 12 '21 at 05:48
@CommonsWare I have some services I wrote that are accessed via AIDL following your guide (did this some time ago).. Now when I install my service APKs on version 11 and API 30 I get PackageSetting{a33cc1d com.lni.proprietary.kinsanew/10378} BLOCKED. I can't figure out how to get around this. THese are MY services to accessed by my app! Why the hell are they blocking it? – Brian Reinhold Feb 19 '21 at 14:31
@BrianReinhold: If you mean that you have multiple APKs, my guess is that this restriction is not checking for same-signature APKs, and therefore it treats your APKs the same as any others. OTOH, it shouldn't be too difficult for you to add a `` element to cover your case. I did that [here](https://gitlab.com/commonsguy/cw-android-r/-/blob/vFINAL/EmbedClient/src/main/AndroidManifest.xml) for a sample where my client needed to bind to a service in a separate app of mine. – CommonsWare Feb 19 '21 at 14:48
@CommonsWare what I ended up doing (and it appears to work) is to add this permission to the application manifest and then added android:exported="true" to each of the apk services. I don't know if I need both or just one of them. I don't know if this is the right thing to do. I like your solution better; it makes more sense. I think what bothers me most in these solution options is the use of 'QUERY'. I don't really get why they chose that term. – Brian Reinhold Feb 20 '21 at 17:51
@BrianReinhold: "I don't know if this is the right thing to do" -- it might not be allowed to ship on the Play Store, unless you have a very good reason for that permission. I do not know your situation and whether or not that would be a concern. "I don't really get why they chose that term" -- the core operation that they are defending is querying the `PackageManager` for installed apps and available components. Other things layer on top of that. It is unclear to me why `bindService()` is affected and `startActivity()` is not, though. – CommonsWare Feb 20 '21 at 18:01
@CommonsWare I tried your ' approach and it did not work. My APK was blocked. However, what binds to my APKs is not the application, but a library module that the application uses. Maybe I need to put the entry into that manifest? Well, trying that didn't work either. I don't understand this blocking thing. – Brian Reinhold Feb 22 '21 at 10:22
@CommonsWare I see the problem. In my element I was using the AIDL interface not the package name of APK itself. That is a bad thing for me, because the idea is to get those service APKs using my AIDL interface, regardless of what they call themselves. Is there a way to put a package filter on that? I thought that was the whole idea of using an AIDL interface! – Brian Reinhold Feb 22 '21 at 11:26
@BrianReinhold: "the idea is to get those service APKs using my AIDL interface, regardless of what they call themselves" -- `bindService()` takes an `Intent`, so, somehow, you are creating an `Intent` that identifies what you bind to. My guess is that you are trying to query `PackageManager` for services that match some `Intent` structure. If so, use that `Intent` structure in ``. `` largely maps 1:1 to how you assemble your `Intent`. – CommonsWare Feb 22 '21 at 12:19
@CommonsWare I did try that but not get anything to work. You are correct; I use an `Intent` as follows `Intent implicit = new Intent(IProprietaryDeviceHandler.class.getName()); List matches = context.getPackageManager().queryIntentServices(implicit, 0);` But I could not figure out an acceptable `' action entry in the manifest for the Intent. There were a lot to choose from and I tried a few but I could not really find one I thought was approrpriate. – Brian Reinhold Feb 23 '21 at 13:44
@BrianReinhold: For that `Intent`, I would expect `` would work, swapping in a real value for that fake package name. – CommonsWare Feb 23 '21 at 14:03
@CommonsWare You are a genius! Thanks a big load! – Brian Reinhold Feb 24 '21 at 18:47

score 10 · Answer 3 · edited Dec 18 '22 at 11:20

Android 11 introduced changes related to package visibility. These changes affect applications, only if they target Android 11 and above. For more information on these changes, please view the official documentation about package visibility on Android.

https://developer.android.com/training/package-visibility

https://developer.android.com/about/versions/11/privacy/package-visibility

In my case, it was Cordova Android v10.1.1, targetSdkVersion = 30

I added

<queries>
  <package android:name="com.google.android.gm" />
  <package android:name="com.facebook.katana" />
  <intent>
    <action android:name="android.intent.action.VIEW" />
    <data android:scheme="https" />
  </intent>
  <intent>
    <action android:name="android.intent.action.DIAL" />
    <data android:scheme="tel" />
  </intent>
  <intent>
    <action android:name="android.intent.action.SEND" />
    <data android:mimeType="*/*" />
  </intent>
</queries>

to my AndroidManifest.xml

score 4 · Answer 4 · answered Jul 09 '21 at 09:45

4

If the app tries to communicate to another app then this permission should be added for Android 11+, else those apps won't work/trigger

answered Jul 09 '21 at 09:45

Exceptional

2,994
1
18
25

What does QUERY_ALL_PACKAGES permission do?

4 Answers4

Linked