Weird that if an apk has `android:autoVerify="true"` for any site associations - that the package manager will beacon out to those sites w/ device information (build, etc) from your device w/o any acknowledgement, notification or choice?
developer.android.com/training/app-l
Conversation
Note that this occurs before you've ever run the application - but now the sites they listed in the APK already know your device build, ip address, etc --- all prior to any user interaction
1
2
Oh and this all occurs regardless of installation path, e.g. - ADB, third party market or Google Play --- since this is part of the PackageManager that's built in.
1
Replying to
It's done by IntentFilterVerifier. The package manager triggers it and will still work with it disabled. Since the INTERNET permission is only static information in the manifest like this rather than a user-facing permission with a toggle, it doesn't really make much difference.
2
You can disable the app implementing this via the Settings app. The user-facing name of the app is "Intent Filter Verification Service". So, in that sense, there is a toggle available for the functionality as a whole.