Google Play restricts the use of high-risk or sensitive permissions, including the QUERY_ALL_PACKAGES
permission, which gives visibility into the inventory of installed apps on a given device. Play regards the inventory of installed apps queried from a user’s device as personal and sensitive information, and the use of the permission is only permitted when your app's core user-facing functionality or purpose requires broad visibility into installed apps on the user’s device.
If your app does not meet the requirements for acceptable use below, you must remove it from your app's manifest in order to comply with Play policy. Suggestions for policy-compliant alternative implementations are also detailed below.
If your app meets the policy requirements for the acceptable use of the QUERY_ALL_PACKAGES
permission, you will be required to declare this and any other high-risk permissions using the Permissions Declaration Form in Play Console.
Apps that fail to meet the policy requirements or do not submit the Permissions Declaration Form may be removed from Google Play.
Important: If you change how your app uses these restricted permissions, you must revise your declaration with updated and accurate information. Deceptive and undeclared uses of these permissions may result in a suspension of your app and/or termination of your developer account.
When should you request the QUERY_ALL_PACKAGES permission?
The QUERY_ALL_PACKAGES
permission only takes effect when your app targets Android API level 30 or later on devices running Android 11 or later.
To use this permission, your app must fall within permitted uses below, and have a core purpose to search for all apps on the device. You must be able to adequately justify why a less intrusive method of app visibility will not sufficiently enable your app's policy-compliant user-facing core functionality.
Core functionality is defined as the main purpose of the app. Without this core ability to search for all apps on the device, the app is 'broken' or becomes unusable. The core functionality, as well as any core features that comprise this core functionality, must all be prominently documented and promoted in the app's description.
Permitted uses of the QUERY_ALL_PACKAGES permissionPermitted uses involve apps that must discover any and all installed apps on the device, for awareness or interoperability purposes may have eligibility for the permission. Permitted uses include device search, antivirus apps, file managers and browsers.
Apps granted access to this permission must comply with the User data policies, including Prominent disclosure and consent requirement, and may not extend its use to undisclosed or invalid purposes.
Google Play may provide a temporary exception to the following apps that do not qualify as permitted uses designated above.
- Real-money gambling apps where the core purpose of the app is real money gambling and where the app requires broad package visibility in order to comply with technical standards mandated by applicable geofencing regulations.
- Apps that have a verifiable core purpose facilitating financial transactions involving financially-regulated instruments (for example, dedicated banking, dedicated digital wallets) may obtain broad visibility into installed apps solely for security-based purposes.
In accordance with our Personal loans policy, use for the purpose of any personal loan, credit or reason facilitating access to personal loans is not eligible for this exception.
Developers are encouraged to proactively implement alternative security or fraud prevention solutions that do not rely on the QUERY_ALL_PACKAGES
permission.
Below is a list of use cases that won't be allowed to request the QUERY_ALL_PACKAGES
permission:
- Where the use of the permission is not directly related to the core purpose of the app.
- This includes peer-to-peer (P2P) sharing. P2P must be the core purpose of the app in order to qualify as a permitted use.
- When the data is acquired for the purpose of sale.
- When app inventory data queried from Play-distributed apps are intended to be sold or shared for analytics or ads monetisation purposes.
- When the required task can be done with a less broad app-visibility method.
Note: This list is not exhaustive. For in-depth guidance on alternative options and best practices, see Package visibility filtering on Android.