Indian Apps Secretly Accessing Your Installed Apps: A Privacy Nightmare
A recent investigation reveals a shocking privacy breach by numerous popular Indian apps. Researchers discovered that apps like Swiggy and Zepto, among others, secretly access lists of other installed apps on users' phones via their AndroidManifest.xml files, far beyond what's needed for core functionality. This includes not only payment apps and competitors but also seemingly unrelated apps like games and calendars. Even more alarming, many apps exploit an Android system loophole, using the `ACTION_MAIN` filter to access all apps without requiring special permissions. This severely compromises user privacy, enabling user profiling for targeted advertising and potentially price discrimination. The investigation also uncovered loan apps circumventing Play Store policies by listing hundreds or even thousands of app package names. This highlights a serious flaw in Android's package visibility policy and raises concerns about data security.