Right, it doesn't get my main email at the moment, true, turns out an app needs `android.permission.GET_ACCOUNTS` to do that. I do, however, expect them to do that later -- looking at their declared permissions, it's hard to assume a good will:
- `BLUETOOTH_SCAN`, `ACCESS_FINE_LOCATION`, `ACCESS_ADSERVICES_AD_ID` -- all together. Yes, I see they use `android.ext.adservices`
`READ_EXTERNAL_STORAGE`? `WRITE_EXTERNAL_STORAGE`?
What for? Do they even offer saving a PDF into a Downloads folder?
I think they can do it without asking for the separate permission.
> and they can only identify apps from a fixed list
And then check their admitted privacy practices/policy from their Google Play listing (com.ryanair.cheapflights)
Notice, the first section is `DATA SHARED`, not just collected. It's shared with the undisclosed third parties (we know from the privacy policy[1], though, that at the very least it includes all the social networks
>> Photos, User ids (plural, it's not just email used to login), Installed apps once again, Files and docs (?!)
Generally;
I have a very little trust for a vendor that is known for the deceptive practices and which lies from the outset about the reasons to force all passengers into using their app.
If they lie in such a fundamental question, it should be assumed they're using deceptions and trickery.
> Data Linked to You - Location, Contact Info, Identifiers, Usage Data, Other Data