Android package visibility and QUERY_ALL_PACKAGES
The list of apps installed on someone's phone is sensitive: it reveals a lot about the person. Android recognized that, and since Android 11 an app can no longer freely see all the other apps on the device. By default it sees a filtered view, and to see more it must declare what it needs, or request the broad QUERY_ALL_PACKAGES permission, which Google Play tightly restricts. Most apps should declare the specific packages they care about rather than reaching for the all-packages permission. Here is what package visibility is, how QUERY_ALL_PACKAGES is governed, and how to handle visibility correctly.
Short answer
Since Android 11 (API level 30), package visibility limits which other installed apps your app can see: by default it gets a filtered list, and to query specific packages it declares them in a <queries> element in the manifest, while seeing all installed apps requires the QUERY_ALL_PACKAGES permission. Per Google Play's policy, QUERY_ALL_PACKAGES is a sensitive permission restricted to apps whose core function genuinely requires broad visibility, such as launchers, antivirus, file managers, or device management, and using it without that justification can get an app removed. The installed-apps list is treated as sensitive because it reveals user behavior, so declare only the specific packages you need and avoid QUERY_ALL_PACKAGES unless your core function requires it.
What you should know
What is package visibility?
It is the restriction, introduced in Android 11, on which other installed apps your app can see or query. Before it, an app could enumerate the full list of installed apps, which is sensitive information, the set of apps on a device reveals a lot about the user, so Android changed the default so an app sees only a filtered subset of other apps. If your app needs to interact with or detect specific other apps, you declare them in a <queries> element in your manifest, listing the package names or the intents you handle, and Android then makes those visible to you. Seeing all installed apps, rather than a declared subset, requires the QUERY_ALL_PACKAGES permission. So package visibility turned the installed-apps list from freely readable into something you must declare a need for, which is both a privacy protection for users and a configuration step for apps that genuinely interact with others.
How do QUERY_ALL_PACKAGES and the queries element compare?
One is targeted and routine, the other broad and restricted. The table contrasts them.
| Approach | Use |
|---|---|
<queries> element | Declare the specific packages or intents you need; routine and appropriate |
| QUERY_ALL_PACKAGES | See all installed apps; sensitive, restricted by Google Play |
| No declaration | See only the default filtered subset |
| Play justification | Required for QUERY_ALL_PACKAGES, by core function |
For most apps, the <queries> element is the right tool: you name the specific packages you need to interact with or detect, or the intents you handle, and gain visibility of just those, which covers the common cases like opening another app or checking whether a particular one is installed. QUERY_ALL_PACKAGES is the broad option, granting visibility of every installed app, and Google Play treats it as sensitive, allowing it only for apps whose core function genuinely requires seeing all apps, like launchers, security tools, or file managers, with a justification. Requesting it without that need is a policy problem.
How do you handle visibility correctly?
Declare the specific packages you need, and avoid the all-packages permission unless your core function requires it. Identify the other apps or intents your app genuinely needs to see, opening a specific app, detecting whether a particular one is installed, handling a given intent, and declare exactly those in your <queries> element, which is the targeted, appropriate approach. Do not request QUERY_ALL_PACKAGES unless broad visibility is core to what your app does and you can justify it to Google Play, since it is sensitive and requesting it needlessly invites rejection. And do not collect and transmit the list of installed apps as data without a clear purpose and disclosure, since that list is sensitive and treating it as harvestable data is a privacy problem. The principle mirrors least privilege: see only the apps you genuinely need to, declared specifically, rather than requesting visibility of everything.
What to watch out for
The first trap is requesting QUERY_ALL_PACKAGES when a <queries> declaration for specific packages would do, which is a sensitive permission Google Play restricts and can reject. The second is collecting the installed-apps list as data without a purpose and disclosure, since it is sensitive user information. The third is forgetting that, since Android 11, you must declare visibility, so an app that worked by enumerating apps on older versions may see a filtered list now. A pre-submission scan such as PTKD.com (https://ptkd.com) reads the compiled APK or AAB against OWASP MASVS and surfaces the permissions and queries your app declares, so you can confirm you are not requesting QUERY_ALL_PACKAGES needlessly. The declarations you set in your manifest.
What to take away
- Since Android 11, package visibility limits which other installed apps your app can see, with a filtered default, specific packages declared via
<queries>, and all apps requiring QUERY_ALL_PACKAGES. - QUERY_ALL_PACKAGES is a sensitive permission Google Play restricts to apps whose core function requires broad visibility, and requesting it needlessly can get an app removed.
- Declare the specific packages or intents you need with
<queries>, avoid QUERY_ALL_PACKAGES unless required, and do not harvest the installed-apps list without purpose and disclosure. - Use a pre-submission scan such as PTKD.com to confirm your app declares only the visibility it needs and is not requesting QUERY_ALL_PACKAGES needlessly.
- #android
- #package-visibility
- #query-all-packages
- #permissions
- #privacy
- #google-play
- #android-11
Frequently asked questions
- What is Android package visibility?
- It is the restriction, introduced in Android 11, on which other installed apps your app can see. Before it, an app could enumerate all installed apps, which is sensitive since the set of apps reveals a lot about the user, so Android changed the default to a filtered subset. To see specific apps you declare them in a queries element in your manifest, and to see all installed apps you need the QUERY_ALL_PACKAGES permission. It is both a privacy protection and a configuration step for apps that interact with others.
- When do I need QUERY_ALL_PACKAGES?
- Only when your app's core function genuinely requires seeing all installed apps, such as a launcher, antivirus, file manager, or device-management app. It is a sensitive permission that Google Play restricts and requires you to justify, and requesting it without that need can get your app removed. Most apps do not need it: if you only need to interact with or detect specific apps, declare those in a queries element instead, which is the targeted, appropriate approach.
- How do I declare the apps I need to see?
- Use a queries element in your manifest to name the specific packages you need to interact with or detect, or the intents you handle, and Android makes just those visible to you. This covers common cases like opening another app or checking whether a particular one is installed, without the broad QUERY_ALL_PACKAGES permission. It follows least privilege: declare visibility of only the apps you genuinely need, rather than requesting visibility of everything on the device.
- Is the list of installed apps sensitive?
- Yes. The set of apps a person has installed reveals a lot about their behavior, interests, and circumstances, which is why Android restricted access to it and treats broad visibility as a sensitive permission. So do not collect and transmit the installed-apps list as data without a clear purpose and disclosure, since harvesting it is a privacy problem. Treat it as sensitive user information, and only access the specific package information your features genuinely require.
- How do I check my app's package visibility usage?
- Scan the build. A pre-submission scan such as PTKD.com reads the compiled APK or AAB against OWASP MASVS and surfaces the permissions and queries your app declares, so you can confirm you are not requesting QUERY_ALL_PACKAGES needlessly and are declaring only the package visibility you need. If it shows QUERY_ALL_PACKAGES without a core-function justification, the fix is to replace it with a targeted queries declaration for the specific packages your app actually uses.
Keep reading
Journal · PrivacyAndroid Health Connect and sensitive health data securityHealth Connect is Android's central store for deeply personal health data, with granular permissions and a strict policy. Here is how to request and handle it securely.8 min read- Journal · PrivacyGoogle Play's account and data deletion requirementIf your app allows account creation, Google Play requires deletion both in-app and via a web link, and deleting the account must delete the data. Here is how to comply.8 min read
- Journal · PrivacyAndroid advertising ID and App Set ID privacyThe advertising ID is for ads and user-resettable; the App Set ID is for analytics and fraud. Use the right one, declare AD_ID, and respect resets. Here is how.8 min read
- Journal · PrivacyAndroid clipboard privacy: what to knowSince Android 12 the system flags apps that read the clipboard, which often holds passwords or codes. Read it only on user action. Here is how to handle it respectfully.7 min read
Scan your app in minutes
Upload an APK, AAB, or IPA. PTKD returns an OWASP-aligned report with copy-paste fixes.
Try PTKD free