Comment by potatolicious

Comment by potatolicious 21 hours ago

1 reply

View on Hacker News

Not to mention even just this article exposed a just-for-fun API that ended up having a negative effect and had to be removed:

`isUserAGoat` ended up allowing any caller to determine if a specific app is installed on the system, which is a privacy violation and allows fingerprinting against the user's consent.

I get the desire to make the job more fun than just implementing a spec, but many of the things we work on are very important and very complex, with oodles of real-world consequences. That unfortunately means everything we do has to be well-considered and not off-the-cuff.

pineappletooth 19 hours ago

Well it was not an issue back then since any app was able to query certain arbitrary specific apps (and yes some apps used to query a big list).

They disabled the "fun" function in android 11 with the arrive of the QUERY_ALL_PACKAGES permission.

Reply View 0 replies