Storage access with Android 11
Hi, I'm Roxanna, and I'm a Product Manageron Android.
Today, I'll be discussing Storage Access on Android 11.
Modern storage devices are the keepers of so manyof our personal memories and information.
This includes photos of our loved ones and videos of our most memorable days.
And with so many of us now conducting business with our phones and tablets, often important filesare stored on our devices, including financial and legal documents.
Android's amazing app developer communityhas created countless apps to help us share our memories, edit our documents, and listen to our music.
But until recently, Storage Access on Android hadn't evolved to assure that apps could getexactly the information users want to share, and no more.
Today, we'll quicklygo over the Storage changes, introduced with Android 10, and then we'll discuss in detailthe new modifications we've added to improvethe developer experience in Android 11.
And we'll finish with some tips on migrating your appto use modern storage.
Last year, with Android 10, we introduced the concept of Scoped Storage.
The idea is to organize shared storageinto specific collections and limit access to broad storage.
These are the changes introducedfor apps targeting Android 10.
First, apps have unrestricted accessto their own storage.
Both on internal memoryand external volumes.
Second, shared storage is dividedinto four Organized Collections: Pictures, Videos, Music, and Downloads.
And apps can contribute filesto these Organized Collections without any permission.
The storage Runtime Permissionnow only gives Read Access to shared pictures, videos, and music files.
To access downloads or unorganized files, the user must givespecific access via the Document Picker.
Deleting or modifying media filesthat were not created by your app, now requires user confirmation.
And lastly, apps must requesta new permission to access Photo Location Metadata.
While many apps have successfully migrated to Scoped Storage on Android 10, we recognize that we didn'tsufficiently satisfy all of the use cases in that release.
Therefore, for apps targeting Android 10, we included the optionto opt-out of Scoped Storage with the Flag in the Manifest calledrequestLegacyExternalStorage.
Over the past year, we've heard feedbackabout the storage update from all kinds of developers.
We know this change isn't easyfor many apps, and we recognize the challengesinvolved with adapting to modern storage.
In response, my team focusedall our efforts in this release on adding improvementsto Android 11, specifically, to makethe transition easier.
And because we've made these changes, we now feel comfortable making Scoped Storage mandatoryfor all apps targeting Android 11.
There won't be an option to opt-out.
So here's what's new on Android 11.
As an alternative to MediaStore APIs, apps can choose to use other APIs, which rely on local File Paths.
This is likely to reduceor eliminate the amount of code you have to changewhen upgrading to target Android 11.
We've created new easier to use APIsfor modifying media files and added the abilityto make changes in bulk.
For specific apps that can verify that they require the abilityto read more broadly, we created a new special app accesscalled “All Files Access.
” App Storage is now privatefrom other apps, including External App Directories.
Let's go through each of thesein more detail.
With Scoped Storage enabled on Android 10, apps were only able to accessshared files using MediaStore APIs.
A Collection of APIs specifically designed for working with index filesin shared storage.
These APIs identify files usingfile descriptors rather than local File Paths.
MediaStore is a rich, efficient, and useful set of APIs that we will continue to innovate.
So for most apps, this is still the best solution for working with shared files.
However, your feedback showed usthat disallowing APIs that use File Paths, like Java Files APIor Native C and C++ Libraries, cause significant compatibility issuesbetween Android Pie and Android 10.
Compatibility is important to us, because we want to make it easy for apps to take advantageof each new Android release.
So we decided the best thing we could do to help app developersmigrate to Scoped Storage, was to define the way to allow themto use File Path APIs, while keepingthe new privacy requirements.
By leveraging fuse, file system, and user space, we were able to reenable these APIswith Scoped Storage.
For example, now appscan successfully use FFMpeg, a popular multimedia framework.
Under the hood, IO requests using File Paths, are actually delegatedto the MediaStore API.
You could think of File Path APIsand Android 11, as convenience API to the MediaStore.
You do not getany additional access to files you would've gottenby using MediaStore APIs.
This is simply a different wayto implement your app functionality if you choose to.
You can get the file pathof a file in MediaStore, by looking in the Data column.
Because File Path APIs now directlylink to MediaStore, any time you create a new file, such as Save a New Photo, using a File Path API, it will be immediatelyadded to the MediaStore.
This is helpful, because then there's never a delay, as there might have beenon older versions of Android, between contributing filesand shared storage and another app's abilityto access them.
However, this could causesome unexpected behavior, if your app was previously operatingunder the assumption that the new filewould not be indexed right away.
So keep this in mind, as you testyour app on Android 11.
The team has worked diligently to ensure there's minimalperformance impact to using File Path APIs.
But if performance is vital to your app, we recommend testing both options to see what works best for your situation.
So while MediaStore APIsare still most likely to be the best way for youto access shared files on Android, you're now free to decide if you would like to useany other API or Library instead.
As I mentioned, MediaStoreis the richer set of APIs for accessing shared files.
With Android 11, we've addedthree significant new features.
First, as part of Scoped Storagein the last release, we introduced a new requirement in which apps needed to get user consent before modifyingor deleting a file it does not own.
For Android 11, we created neweasier to use APIs to get this consent.
One is called createWriteRequest and createDeleteRequest.
With these, apps can request consent for modifying several media files at once.
If you already own the filesthat you want to modify, you don't need to requestuser consent to modify them.
We created a new MediaStoreconcept of Trash– you could think of thislike the recycle bin on a PC.
Apps can now choose to trash a fileinstead of deleting it.
This gives the user a chanceto recover the file later.
Trash files will be hidden by default, but then can be displayedif an app wants to.
A trash item will be automaticallydeleted by the OS after 30 days.
Trash files can be un-trashedat any time before its expiration by an app that has added access to itor with user consent.
We also created a new file statuscalled “Favorite”.
For example, in your Gallery App, you may be accustomed to starring a photo you like, so you can find it again more easily.
Now this can work across apps.
If your app has a user experienceof picking from the list of all available photos, you now can choose to listthe Favorited photos first, or highlight them differently.
Similar to modifying files, apps must get user consent before trashing or favoriting filesit does not own.
However, the defaultGallery App on the device will never be requiredto prompt the user for any of these modifications.
I am super excited to seehow apps will take advantage of these new features.
Most apps that work with shared files, will have everything they need with the Read_External_Storage permission, which grants access to photos, videos, and music.
And apps like PDF Editorsor Document Readers, can use the Storage Access Framework to request accessto specific documents and downloads.
However, there are some apps that truly require Readand Write permissions for all files in shared storageto carry out their primary purpose.
Some apps are File Managersand backup apps.
Apps like these, which users rely on, to move and modify all kinds of files, now have the option to requesta new permission called “All Files Access” or MANAGE_EXTERNAL_STORAGE in code.
MANAGE_EXTERNAL_STORAGE grantswrite access to all files, except those in foreign app directories.
Because this is quite sensitive, it's not a Runtime Permission, but instead a Special App Access.
This means it must be enabledby the user in Settings, similar to Notification Listeningor Usage Access.
Apps that request All Files Accessand publish to Google Play will need to be verified manually to ensure they havea legitimate purpose to request it.
This is to protect usersfrom inadvertently granting overreaching accessto an app that might be malicious.
The access will not be limitedto specific categories of apps.
Developers are so creative that we cannot listall the possible use cases.
Instead, each appwill be independently evaluated to check that there istruly no other reasonable way for the app to workwithout this permission.
It has never been best practiceto directly access files saved in another app's External Storage Directory.
The best way for apps to share filesare by using shared storage or content providers.
To formalize this on Android 11, no app will be able to access another app's External App Storage.
This includes all methodsof reading files– MediaStore, File Path APIs, and the Storage Access Framework.
This is the one storage changethat's not gated on target SDK.
So, if your app is accessinganother app's data, or you are allowing appsto access your storage, you will need to update to oneof the approved methods, in order to run as expected on Android R.
To end, I will share some useful tipsfor migrating your app, that we've learned by respondingto your feedback and talking to our partners.
First, if your app will be usingFile Paths or All Files Access, which I discussed today, you will need to keepthe Legacy Storage Flag in your app's Manifest.
This is to ensure compatibility with users running your app on Android 10.
If your app hasa custom picking experience for selecting non-media files, like documents, you should redesign it to usethe Storage Access Framework instead.
This does not require any permissions.
Remember, now, modifyingor deleting media files you do not own, requires user consent.
So use the new MediaStore Consent APIs.
It is no longer advisable for your appto save files in a custom top-level directory.
Doing so requiresthe Storage Access Framework, which is notthe best experience for users.
And if your app is uninstalledand then reinstalled, it would lose access to those files.
We suggest usingOrganized Media Collections or your private app storage instead.
If you use a top-level directory today, you should migrate those filesbefore upgrading your app.
We've created a new Manifest Flagto help with this.
If you want to share datawith other specific apps, set up Content Providers.
This is the most secure wayto share files.
I hope these changeswill make it easier for you to update your app for Scoped Storage.
To help you with your migration, the Android Documentationhas been updated to reflect all of these changes.
So check them out to get more detailson everything, I've discussed.
We truly believe that this change will significantly protect our usersfrom malicious apps.
And we hope the abilityto contribute media without requiring a Runtime Permission, is a welcome changeto streamline your app's user experience.
I hope you and your loved ones are staying safe and stress-free.
Happy developing!.
Comments
Post a Comment