Installed Packages Registry (packages.xml)

android, System Configuration, Device Extraction

Location

/data/system/packages.xml

Description

XML file maintained by the Android PackageManager that serves as the authoritative registry of all installed applications. Each package entry contains the application name, version code, version name, installation timestamp (ft and lt attributes in hex epoch), installer package name, requested permissions, granted permissions, signing certificate hash, shared user ID, and data directory path.

Forensic Value

packages.xml provides a complete inventory of every application installed on the device, including those that have been hidden from the launcher or disabled. The firstInstallTime and lastUpdateTime timestamps establish when each application was originally installed and most recently updated, which is critical for determining if a malicious app was installed during the investigation timeframe. The installer field reveals whether an app was installed from the Play Store, sideloaded via ADB, or installed by another app. Permission grants identify applications with sensitive capabilities such as camera, microphone, location, and SMS access.
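The triage described above, as an added example that is not part of the original page or any listed tool. It assumes the text-XML form of the file; the `it`, `ut` and `installer` attribute names and the `perms/item` layout follow AOSP's text format and are assumptions here, the function names are hypothetical, and the sample is constructed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

ABX_MAGIC = b"ABX\x00"  # Android Binary XML header (default since Android 12)
# ft and lt are the names given on this page; it/ut are the AOSP text-format
# names for firstInstallTime/lastUpdateTime (assumption, not from the page).
TIME_ATTRS = ("ft", "it", "ut", "lt")

def hex_ms_to_utc(value):
    """Decode a hex string of milliseconds since the Unix epoch."""
    return datetime.fromtimestamp(int(value, 16) / 1000, tz=timezone.utc)

def parse_packages(data: bytes):
    """Return one dict per <package> element of a text-format packages.xml."""
    if data.startswith(ABX_MAGIC):
        raise ValueError("binary XML (ABX): convert to text XML first")
    rows = []
    for pkg in ET.fromstring(data).iter("package"):
        row = {"name": pkg.get("name"), "installer": pkg.get("installer")}
        for attr in TIME_ATTRS:
            row[attr] = hex_ms_to_utc(pkg.get(attr)) if pkg.get(attr) else None
        row["granted"] = sorted(
            item.get("name") for item in pkg.iterfind("perms/item")
            if item.get("granted") == "true")
        rows.append(row)
    return rows

def installed_between(rows, start, end, attr="it"):
    """Packages whose chosen timestamp falls inside the investigation window."""
    return [r["name"] for r in rows if r[attr] and start <= r[attr] <= end]

# Constructed sample, not taken from a real device.
SAMPLE = b"""<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<packages>
  <package name="com.example.notes" it="18c8f1a3400" ut="18d0a2b5c00"
           ft="18d0a2b5c00" installer="com.android.vending">
    <perms><item name="android.permission.CAMERA" granted="true" flags="0" /></perms>
  </package>
  <package name="com.example.sideloaded" it="18e5c0d2e00" ut="18e5c0d2e00" ft="18e5c0d2e00">
    <perms>
      <item name="android.permission.READ_SMS" granted="true" flags="0" />
      <item name="android.permission.RECORD_AUDIO" granted="false" flags="0" />
    </perms>
  </package>
</packages>"""

if __name__ == "__main__":
    for r in parse_packages(SAMPLE):
        print(r["name"], r["it"], r["installer"] or "(no installer recorded)", r["granted"])
```

A file that starts with the `ABX` magic bytes is rejected rather than misparsed; convert it to text XML before running this.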

Tools Required

ALEAPP, Magnet AXIOM, Cellebrite UFED, Autopsy, ADB