Google has announced some changes in its Developer Program Policy that will not allow bad actors to spy on you. The company is restricting the use of high-risk or sensitive permissions. This includes access to the list of apps installed on an Android device, by any app. It means that Google is limiting apps downloaded to your Android device from gaining access to the installed app inventory until it is necessary for it to undertake its core user-facing functionality.

According to a post on the Google Play Console Help support page, if an app does not meet the requirements for acceptable use, the developer must remove it from the app’s manifest to comply with the new policy. The new changes will come into effect starting May 5. Google says it regards “the device inventory of installed apps queried from a user’s device as personal and sensitive information.”

This change will make it harder for apps to spy on what apps are installed on your phone. Hence, strengthening measures for user privacy. For reference, if apps have access to your device’s app inventory, it can be used for targeted advertisements or for malicious purposes. The updated policy says, “must be able to sufficiently justify why a less intrusive method of app visibility will not sufficiently enable [their] app’s policy compliant user-facing core functionality.”

If a developer’s app meets the policy requirements for acceptable use of the app inventory, they will be required to declare the high-risk permissions using the Declaration Form in the Play Console. If this Declaration Form is not submitted or if the app fails to meet policy requirements, the app may be removed from Google Play. Moreover, the declaration needs to be revised and updated with accurate information in case there are changes in order to comply with the policy changes.
That being said, the new changes will only take effect when an app targets Android API level 30 or later on devices running Android 11 or later.