It's still possible, you just need to declare which other apps you query for. Even then, there are loopholes that still let you query for all apps installed on the device.

But HSBC app declares "<uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>" permission, which requires an explicit approval (https://support.google.com/googleplay/android-developer/answ...) but

> Apps that have a verifiable core purpose facilitating financial-transactions involving financially regulated instruments (for example, dedicated banking, dedicated digital wallets) may obtain broad visibility into installed apps solely for security-based purposes.

Everyone knows all the apps on your phone

https://peabee.substack.com/p/everyone-knows-what-apps-you-u...

Discussion: https://news.ycombinator.com/item?id=43518866

You can still request permission to use it for apps distributed via Google Play for a limited set of use cases:

https://support.google.com/googleplay/android-developer/answ...

which is then subject to Google reviewing and approving it.

I assume HSBC are using the "antivirus" use case.

Interesting, that also permits:

> Real-money gambling apps where the core purpose of the app is real money gambling and where the app requires broad package visibility in order to comply with technical standards mandated by applicable geofencing regulations.

I presume that's to allow the gambling apps to make sure you don't have a location spoofing app installed?

13 year olds can get groomed and addicted to gambling, be they at home, school, or a bus stop. But God forbid you install an app outside the approved™ app store®, citizen. What a world.

> I assume HSBC are using the "antivirus" use case.

There's an exception for banking apps

> Apps that have a verifiable core purpose facilitating financial-transactions involving financially regulated instruments (for example, dedicated banking, dedicated digital wallets) may obtain broad visibility into installed apps solely for security-based purposes.