The title should read: "Everyone knows all the apps on your Android phone"

This is to be expected though, a phone platform isn't exactly Tor Browser. The big API as with any platform will have plenty of ways to fingerprint people even without this one example, unless the developers went far out of their way from the beginning to build prevention in. Much like how on UNIX you can see what processes everyone is running and their command lines.

Very simple:

Big companies like Swiggy and Zepto will mine the F out of your data. Some of it is for their benefit but some of it they could sell in the future. These so called founders are really just another wolf of app street looking to pump and dump. So when they do dump, or when some VC comes with money, they don’t just sell their app they sell it as a whole package of data and analytics that some company can use to sell their product or something VC can leverage to sell their stock to someone else. It’s not that difficult.

As far as smaller apps go these apps outsource their development to people who come with ‘packages’ to develop and maintain their app. These packages are the same logic as above but it’s just that they come from some template so you might be asked for location permission or camera or microphone by some really random app that has nothing to do with it.

While the quality of iOS is degrading, some of these things are really important and simply work better on iOS.

>Please remember the next time you casually install an app on your Android device, this information is being broadcast to the whole world. Data brokers will use it to profile you, cross-reference it with data about you from other ad networks and eventually it will be used to decide how much you’ll be asked to pay the next time you order a samosa.

Who are those data brokers? Are they publicly known? Do they have an API where a business sends customer ID, mail or something and get an spending profile that helps adjusting price for a particular customer?

I know this sounds evil. But didn't banks and insurance companies collaborate to profile their customers since tens of years ago? That is not similarly evil?

> I don’t even know where to begin unpacking this madness. How is knowing whether I have the Xbox or the Playstation app installed on my phone essential to their Swiggy's core functionality?

Probably has to do with feeding adtech's hunger for personal information, or fingerprinting maybe (not sure if that's a thing in the context of phone apps).

If they just audited apps and banned companies from the app store for abuse it would do a lot to curb this behavior. This is feasible, there just aren't THAT many popular apps at any given time.

Android is so broken, each app query should be explicitly approved by user, instead of by reviewer like this.

    So I downloaded a few dozen Indian apps
    I could think of on top of my head and
    started reading their manifest files

How do you download apps from the Android app store and read their manifest files?

Does this mean one could make a website that lists all those manifest file, so the users could decide against using apps that use this loophole?

It's true, our phones are like little windows into our lives. The apps we have reflect our habits and interests.