How is an iOS app on the App Store able to detect other apps?!?!

They can use the app delegate can open url to find some apps. https://developer.apple.com/documentation/uikit/uiapplication/1622952-canopenurl

There are limits on it for privacy reasons.

Thanks for your response! I was pondering that too, especially if they were only finding some apps, but they can seem to find all apps and the app icons as well. Even for rather obscure apps for which there's no way they would have done the research to figure out the URL schemes for and of course many (most?) apps don't define a scheme. Them having the app icon too and instantly (no server download latency) tells me they're getting it on device somehow.

The client then told us to download SpyBuster (on the App Store) which somehow is collecting a list of Bundle IDs or names of all installed apps somehow.

That clearly shouldn't have passed App Review, and perfectly demonstrates how amazingly useless App Review is.

I've just opened a new thread without knowing this one existed.

Nonetheless, I ask myself the same question - how does SpyBuster lists all my installed apps on iOS and iPadOS ?

As a developer, I've tested couple of possibilities - none of them worked.

The suggestion that app uses canOpenURL and tries app URL schemas is not valid because I built my own app locally and SpyBuster is listing it.

Within the app itself, MacPaw states "SpyBuster performs data analysis using standard AppStore API provided by Apple. ..."

AppStore API somehow returns a list of all installed apps on the current device ?

"SpyBuster performs data analysis using standard AppStore API provided by Apple."

That's surprising, if true. I guess there is a StoreKit API that can be abused, or something. My previous guess was that it was able to explore the filesystem to discover other installed apps.

In any case, I don't believe the app should be on the store. I did wonder if it would disappear after this thread was posted, but it hasn't. App Review should be embarrassed.

Do you think its anti-Russian theme might have some bearing on why it has been accepted? Would I get approved if I created a similar app that claimed to identify apps created in the USA?

Hi again,

I don't believe Apple endorses any anti russian or pro russian developers.

I do believe however that the developers have found a way to access the data without querying the filesystem.

I think StoreKit has to be explored more deeply.

Apparently, all you need to do is ask them. See:

www macobserver com/news/anti-spying-tool-spybuster-arrives-to-ios-thanks-to-ukrainian-developer-macpaw/

and

www igen fr/app-store/2022/07/spybuster-detecte-les-applications-de-votre-iphone-en-lien-avec-la-russie-131429

(I guess the forum doesn't like those external links.)

But apparently, there is a way to do it via StoreKit and it is allowed as per the Guidelines:

don’t collect information about which other apps are installed on a user’s device for the purposes of analytics or advertising/marketing

So I guess if you're doing it for any other reason, you're good to go.

It’s fine if you post them in the clear. See tip 14 in Quinn’s Top Ten DevForums Tips.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"