This document is valid from AppSealing Android version 2.28.1.0 and above
QUERY_ALL_PACKAGES(Broad package visibility) permission allows the app built with targetSdkVersion 30+ to check the installed app inventory of the device with Android 11+. The app using this permission can query all installed app lists from the smartphone.
Why AppSealing is using this permission?
AppSealing has a list of various cheat tools for Android. To detect and block the installed cheat tool, AppSealing queried all installed app lists and compared them with the blacklist of the AppSealing module.
Before Android 11, QUERY_ALL_PACAKGES permission was not required to query the installed package list, but from Android 11(app's targetSDkVersion is also 30+), The app can query the installed app list only with the permission declaration. With this change, the AppSealing team was adding QUERY_ALL_PACKGES permission to upload the app’s AndroidManifest.xml file.
What is different if the QUERY_ALL_PACKAGES permission is disabled?
From the 2.28.1.0 version, AppSealing provides an option to disable QUERY_ALL_PACKAGES permission.
If you disable this permission, AppSealing will not query all installed app lists but will add the list of cheat tools to the <queries> tag of the AndroidManifest.xml file. This will allow us to query whether specific target cheat tools are installed or not.
NOTE: When this permission is disabled, AppSealing cannot detect the cheat tools which can change their package name. To avoid critical hacking via the below tools, We strongly recommend enabling the Block Rooting option.
- Game Guardian
- Lucky Patcher
NOTE: When this permission is disabled, The Custom blacklist feature is not available for the device Android 11+
How to use this option in the AppSealing CLI tool?
You can control this option as use_query_all_packages=yes|no
at AppSealing CLI tool.
NOTE: This option is mandatory, and there is no default value. If you apply
Are there any precautions when using the QUERY_ALL_PACKAGES permission?
-
You need to submit a form to Google Play Console and get allowed to upload the app using the QUERY_ALL_PACKAGES. You can find a guide to submit a form for this.
-
Guide document for QUERY_ALL_PACKAGES form submit: How to submit QUERY_ALL_PACKAGES permission usage form at Google Play Console
-
If Google rejects the form, You need to apply AppSealing again after disabling the
use QUERY_ALL_PACKAGES
option.
-
-
If you are uploading your app to any other marketplace except the Google Play store or providing your app by yourself, you don’t need to disable the QUERY_ALL_PACKAGES option when using AppSealing.
How to stop using the QUERY_ALL_PACKAGES permission by AppSealing?
First, you need to disable the sealing option from our console, or the CLI tool.
Second, to avoid reject from Google play store app review, you should check your build`s existing pipelines, such as internal/beta/closed/open test.
If there are any app remains in the testing build with the QUER_ALL_PACKAGES permission, please replace them with the newly sealed app which disabled the QUERY_ALL_PACKAGES permission. If not, Google will recognize your app still using the QUERY_ALL_PACKAGES permission.