"android.intent.action.MAIN" intent in queries element in AndroidManifest.xml

Question

By including the following <intent> element within the <queries> tag in the AndroidManifest.xml file, I can access a list of all installed apps on a device:

<queries>
    <intent>
        <action android:name="android.intent.action.MAIN" />
    </intent>
</queries>

Since most Android apps have a launcher activity, doing the following returns all the apps installed in an android device:

getPackageManager().queryIntentActivities(new Intent(Intent.ACTION_MAIN), PackageManager.MATCH_ALL)

Isn't this a potential privacy loophole and almost equivalent to the very sensitive QUERY_ALL_PACKAGES permission? I see so many apps with this intent element under the queries element in their manifest files.

Answer 1

doing the following returns all the apps installed in an android device:

FWIW, that code returns activities, not apps.

Isn't this a potential privacy loophole and almost equivalent to the very sensitive QUERY_ALL_PACKAGES permission?

Yes, which is why I and others wrote about this years ago.

Bear in mind that Google (and other app distributors) could penalize developers for having overly-broad <queries> requests.