Effective June–September 2021
This article previews recently announced Developer Program Policy changes that will come into effect June–September 2021.
Due to COVID-19 related considerations, enforcement for apps that target Android 11 (API level 30) and request QUERY_ALL_PACKAGES will not start until late 2021. This includes new apps as well as updates to existing apps. Google Play will communicate detailed enforcement timelines before June 2021.
Google Play restricts the use of high risk or sensitive permissions, including the
QUERY_ALL_PACKAGES permission, which gives visibility into the inventory of installed apps on a given device. Play regards the device inventory of installed apps queried from a user’s device as personal and sensitive information, and use of the permission is only permitted when your app's core user facing functionality or purpose, requires broad visibility into installed apps on the user’s device.
If your app does not meet the requirements for acceptable use below, you must remove it from your app's manifest in order to comply with Play policy. Suggestions for policy-compliant alternative implementations are also detailed below.
If your app meets the policy requirements for acceptable use of the
QUERY_ALL_PACKAGES permission, you will be required to declare this and any other high risk permissions using the Declaration Form in Play Console.
Apps that fail to meet policy requirements or do not submit a Declaration Form may be removed from Google Play.
Important: If you change how your app uses these restricted permissions, you must revise your declaration with updated and accurate information. Deceptive and non-declared uses of these permissions may result in a suspension of your app and/or termination of your developer account.
When should you request the Query all packages permission?
QUERY_ALL_PACKAGES permission only takes effect when your app targets Android API level 30 or later on devices running Android 11 or later.
To use this permission, your app must fall within permitted uses below, and have a core purpose to search for all apps on the device. You must be able to sufficiently justify why a less intrusive method of app visibility will not sufficiently enable your app's policy compliant user facing core functionality.
Core functionality is defined as the main purpose of the app. Without this core ability to search for all apps on the device, the app is "broken" or rendered unusable. The core functionality, as well as any core features that comprise this core functionality, must all be prominently documented and promoted in the app's description.Permitted uses of the Query all packages permission
Permitted use involves apps that must discover any and all installed apps on the device, for awareness or interoperability purposes may have eligibility for the permission. Permitted use includes device search, antivirus apps, file managers, and browsers.
Apps granted access to this permission must comply with the User Data policies, including the Prominent Disclosure and Consent requirements, and may not extend its use to undisclosed or invalid purposes.
Google Play may provide a temporary exception to the following apps that do not qualify as permitted use designated above.
Apps that have a verifiable core purpose involving financial transaction functionality (e.g., dedicated banking, dedicated digital wallet) may obtain broad visibility into installed apps solely for security based purposes.
Below is a list of use cases that won't be permitted to request the
- Where use of the permission is not directly related to the core purpose of the app.
- This includes Peer-to-Peer (P2P) sharing. P2P must be the core purpose of the app in order to qualify as a permitted use.
- When the data is acquired for the purpose of sale.
- When the required task can be done with a less broad app visibility method.
Note: This list is not exhaustive. For in depth guidance on alternative options and best practices, please refer to the Managing Package Visibility guidance for developers.