Obsolete
Status Update
Comments
dn...@google.com <dn...@google.com>
dn...@google.com <dn...@google.com> #2
Thank you for reporting this issue.
Once we launch the app, it asks for a Google account to select. After selecting, it will ask for the user's permission to list the purchased apps, as shown in the attached screenshot.
For us to further investigate this issue, please provide the following additional information:
Expected output
What is the expected output?
Please clearly explain the expected results.
Current output
What is the current output?
Please clearly explain the current results.
lb...@gmail.com <lb...@gmail.com> #3
@2 Where does it show here in the dialog which kind of information will be shared with the app?
Also, how come it's not documented for developers how to get this? I've searched everywhere...
Asking on Stack Overflow with a huge bounty, nobody found it either, and one claimed that it's not documented and because of this, the app is actually using an exploit in Google services.
If this is incorrect, please show the docs for it.
If it's correct, please consider offering such an API. Could be useful.
dn...@google.com <dn...@google.com> #4
Are you not seeing the permission window which is shown in the screenshot shared in comment #2 while testing this issue?
lb...@gmail.com <lb...@gmail.com> #5
@4 Please look at the screenshot too, and then read what I wrote.
It doesn't tell anything there about which information will be shared.
Only says "...would like to androidmarket".
Also, if this is supposed to be an available API, please have documentation about it.
dn...@google.com <dn...@google.com> #6
We have passed this to the development team and will update this issue with more information as it becomes available.
dn...@google.com <dn...@google.com> #7
We've deferred this issue for consideration in a future release. Thank you for your time to make Android better.
dn...@google.com <dn...@google.com> #8
In case you want to provide more information with respect to this bug, please file a bug in AOSP via https://goo.gl/TbMiIO.
is...@google.com <is...@google.com>
sa...@google.com <sa...@google.com> #9
We will be closing this bug due to being logged in a Preview version of Android. If the issue is still relevant and reproducible in the latest public release (Android Q), please capture a bugreport and log the bug in https://goo.gl/TbMiIO. If a reply is not received within the next 14 days, this issue will be closed. Thank you for your understanding.
Description
And found there is an app that lets you see a list of all purchased apps, so I tried to find how it's done, so that I can do it too:
I was so interested in such an API that I've set a huge bounty, because I couldn't find anything about it in the docs.
Later I was sadly told it's not official, and is actually forbidden.
* Which Developer Preview build are you using? See Settings > About phone > Build number (for example OPP5.170921.005).
PPP1.180208.014
* Is this a regression from O to P?
I think it probably occurs on all Android versions.
* What device are you using? (for example, Pixel XL)
Pixel 2
* What are the steps to reproduce the problem? (Please provide the minimal reproducible test case.)
1. Install the next app and select the Google account it shows you in its dialog:
* Issue Category e.g. Framework (platform), NDK (platform), Hardware (CPU, GPU, Sensor, Camera), ART (platform), Runtime Permissions etc
Security
* What was the expected result?
As I was told, this is a security flaw that was exploited.
So, it shouldn't be possible without the user granting a permission, to get a list of purchased apps.
* Can you provide the API document where this expected behavior is explained?
No.
* What was the actual result?
This app is capable of doing so nevertheless.
Please, if there is such an API, present it to everyone. And if there is no API, please do consider having it. It can be useful.
Of course, if there is any permission that's needed to be granted manually by the user, present it.