Right, it doesn't get my main email at the moment, true, turns out an app needs `android.permission.GET_ACCOUNTS` to do that. I do, however, expect them to do that later -- looking at their declared permissions, it's hard to assume a good will:
- `BLUETOOTH_SCAN`, `ACCESS_FINE_LOCATION`, `ACCESS_ADSERVICES_AD_ID` -- all together. Yes, I see they use `android.ext.adservices`
`READ_EXTERNAL_STORAGE`? `WRITE_EXTERNAL_STORAGE`?
What for? Do they even offer saving a PDF into a Downloads folder?
I think they can do it without asking for the separate permission.
> and they can only identify apps from a fixed list
And then check their admitted privacy practices/policy from their Google Play listing (com.ryanair.cheapflights)
Notice, the first section is `DATA SHARED`, not just collected. It's shared with the undisclosed third parties (we know from the privacy policy[1], though, that at the very least it includes all the social networks
>> Photos, User ids (plural, it's not just email used to login), Installed apps once again, Files and docs (?!)
Generally;
I have a very little trust for a vendor that is known for the deceptive practices and which lies from the outset about the reasons to force all passengers into using their app.
If they lie in such a fundamental question, it should be assumed they're using deceptions and trickery.
I'm all for calling out bad privacy practice, like when a Weather app says it links your contact info. But an airline app inherently does this.
Did you know that Ryanair knows your name when you fly! They even know what city you're flying from.