But a single app can request to know the presence of up to 50 apps, right?
replyAnd a data broker/aggregator can purchase such data from many (e.g. thousands) of apps and aggregate it, then sell it.
Yes indeed, the limit is 50 which is of course enough to fully profile "regular people" who only have a handful of apps. Also don't forget, Meta/Google/TikTok/WhateverPalantir are updated weekly which means they can tweak their LSApplicationQueriesSchemes list and cover even more apps if they want to.
replyAre there legitimate reasons why an App should know I have installed?
replyBack before Apple allowed users to set the default browser I had a feature in my app that presented a list of installed browsers when a user opens an external link, giving them the option to choose where it opened.
replyAndroid gives me that option at the OS level.
replyE.g if gmail knows that you have maps or chrome it can deep link you into a particular view instead of opening safari.
replyAt the IS level, Android gives me the option to open links in the corresponding app.
replyYou cannot provide a large list of unrelated applications since Apple rejects that during app review.
replyThank you for the clarification!
You cannot provide a large list of unrelated applications since Apple rejects that during app review.
It does not need to be a large list though I think? You just need a small list that is very discriminative and adds enough additional entropy to uniquely identify you in combination with the other data leaked.
It is terrifying to learn that apps are allowed knowledge about any other app being installed on my phone. Where can I see that list?
replyInfo.plist
reply> Apple added these restrictions because installed app lists can be used for fingerprinting and privacy invasive profiling.
replyAnd this was heavily exploited by Facebook before Apple patched it