Hacker News | hn8726's comments

On Android most apps started bundling androidx/jetpack compat libraries that help deal with various API versions, and generally make the development much, _much_ easier. These days apps will also bundle the entire new Android UI framework (Compose) while in the past all the UI code was using framework classes.

Other than that, some popular and useful libraries will bundle native libs (for example for sql), and some ad/analytics/corporate SDKs will use native libs to share code between platforms and for obfuscation. These corporate SDKs (like Zendesk) will also notoriously break Android minification tools, because why bother


Google Play offers such functionality already, it's called App Bundles. Instead of uploading an entire APK, the developers can upload the app assets that get bundled into device-specific APKs containing only the resources necessary for the end device. So you'd only get native libs for your phone CPU architecture, translations for the device language and image assets matching the device resolution for example. In fact, I think it's mandatory now to use the app bundles format (but you're still free to configure it to some extent)

I now see the article is about iOS app, but it looks like the Android app is anywhere between 50mb and 100mb (depending on the apk download site I look at) which is much more reasonable


Yes but it would be nice to see the targets, so you know how far off from an optimal solution you are. I know I'd spend more time looking for better solves if I knew the current one can be improved

It's automatically granted but the app needs to declare it in order to access internet. Because of that it's not enough that the app _currently_ doesn't request internet permissions, because if it ever starts, it would be mostly transparent to a user

I'd love the same test but with various Mac versions, and with Intel and Arm machines

> I assume HSBC are using the "antivirus" use case.

There's an exception for banking apps

> Apps that have a verifiable core purpose facilitating financial-transactions involving financially regulated instruments (for example, dedicated banking, dedicated digital wallets) may obtain broad visibility into installed apps solely for security-based purposes.


It's still possible, you just need to declare which other apps you query for. Even then, there are loopholes that still let you query for all apps installed on the device.

But HSBC app declares "<uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>" permission, which requires an explicit approval (https://support.google.com/googleplay/android-developer/answ...) but

> Apps that have a verifiable core purpose facilitating financial-transactions involving financially regulated instruments (for example, dedicated banking, dedicated digital wallets) may obtain broad visibility into installed apps solely for security-based purposes.
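
A manifest check for the two visibility modes discussed in the comments above, plus the internet permission mentioned earlier. This is an added example, not part of any comment and not any app's own code. It assumes a decoded, text-form AndroidManifest.xml; the function name, package names and sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attribute names in a decoded manifest carry the android: namespace.
NAME = "{http://schemas.android.com/apk/res/android}name"

# Constructed sample (hypothetical package names), text-form manifest.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.bank">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <queries>
    <package android:name="com.example.wallet"/>
    <intent><action android:name="android.intent.action.SEND"/></intent>
  </queries>
</manifest>
"""

def _names(root, path):
    """Sorted android:name values of the elements matching path."""
    return sorted(e.get(NAME) for e in root.findall(path) if e.get(NAME))

def audit_visibility(manifest_xml):
    """Report how an app declares package visibility and network access."""
    root = ET.fromstring(manifest_xml)
    perms = set(_names(root, "uses-permission"))
    packages = _names(root, "queries/package")
    actions = _names(root, "queries/intent/action")
    if "android.permission.QUERY_ALL_PACKAGES" in perms:
        visibility = "broad"    # asks to see every installed app
    elif packages or actions:
        visibility = "scoped"   # asks only for what <queries> names
    else:
        visibility = "default"  # no visibility declarations at all
    return {
        "visibility": visibility,
        "declared_packages": packages,
        "declared_intent_actions": actions,
        # INTERNET is granted without a prompt, so the manifest is where it shows.
        "internet": "android.permission.INTERNET" in perms,
    }

if __name__ == "__main__":
    for key, value in audit_visibility(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

Running it against each release's manifest and diffing the output shows when an app starts declaring internet access or moves from scoped to broad visibility.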


> Make sure smart-devices make extremely clear that they can be used to show ads, and include trivial instructions to disable ads

The other way around — make it clear that the devices are capable of showing ads, and provide instructions on how to opt-in to them (and no cookie-like prompts either)


But..... then nobody will opt in to see the ads.... :(


And how often in practice are terms and conditions attempted to be enforced in the first place? No need to challenge them if you can ignore them


If ignoring them is your only option, and challenging them would fail, we would expect to see a lack of challenging them. Which we do.

Unless there's a solid track record of people consistently challenging them and winning, we can assume, based on Bayesian priors, that most people cannot.

Which makes sense: court costs money.


It looks like Anthropic has great visibility into what hackers do. Why would it also see what legitimate users do?

