> ensure the app you're using isn't a WebAPK.
> WebAPKs are usually very small in size, are installed straight from a browser page, do not appear under '/data/app' like standard Android apps, and show atypically limited information under Settings > Apps.
Yeah, this is not something I could tell my elderly relatives to watch out for. If Android is giving untrusted web apps full access to your device’s hardware without adequately warning you, that’s a security vulnerability.
Very simple solution for WebAPKs: do not use Chrome, nor let any of your relatives do so. Third-party browsers must implement their own minting server and as far as I'm aware Firefox does not. And you get real ad-blocking functionality and far less spying from Google while at it, too.
https://bugs.chromium.org/p/chromium/issues/detail?id=124358...