Android R, A Step towards privacy.

Android always has been cursed for its privacy issues.

Before Marshmallow, android devices were like open and easy prey available to be hunted.
An immense amount of user data has been leaked out without the user’s understanding.
Later, after the Marshmallow release, at least users were shown permissions of the apps they were using.

Still, Users were unaware of the permissions they allowed.
Considering permission. android.permission.WRITE_EXTERNAL_STORAGE

If the User allows this permission, the application will be in full authority to create, update, delete any files on its internal as well external storage device.

Considering such issues and many more, Android R (11) has taken a step towards privacy and has been continuing its work for fewer privacy issues.

Google has placed deadlines to be taken into effect by August 2021.

New apps must target at least Android 11 (API level 30)

Android R (11) has restricted developers to access user files and allows only if apps follow the following ways.

– Scoped storage –
Scoped storage brings two major changes. Developers no longer have access to a file via its path. Instead, you need to use via “Uri“. Second, if you want to change a file not created by your app, you need to ask the user for permission. Scoped storage was introduced in android 10 but developers can opt-out using the below flag. (i.e. Individual File access)

requestLegacyExternalStorage = true

Developers can opt-out from scoped storage by declaring the above flag in app’s Android Manifest file while in any android R above flag is ignored.

There are two ways one can access files, MediaStore API that allows you to query the device for images, videos, and audio, other ways is using Storage access framework.

By firing one of the below intents,

Using action ACTION_OPEN_DOCUMENT or ACTION_OPEN_DOCUMENT_TREE, respectively. Where the user will be asked for permissions per-directory access if ACTION_OPEN_DOCUMENT_TREE and for ACTION_OPEN_DOCUMENT user can copy and manipulate files in public folders (Download and Document)

– Access to Only Media files.
There might be a scenario where you may only request for media files and not, Non-media files for such scenarios developer can only request the below permission instead of WRITE_EXTERNAL_STORAGE

– Request access to overall files. (Google Approval Required)

<uses-permission android:name="android.permission.MANAGED_EXTERNAL_STORAGE"/>

The above permission is asking the user to allow access to overall storage devices. Applications like antivirus, file manager are eligible to ask, However, if your app requires this permission you will have to explain to google why it’s needed, and depending on use cases Google might reject or approve.

Example for using MediaStore api. where one can query media files using selection args and clauses to retrieve a media file’s URI

val projection = arrayOf(media-database-columns-to-retrieve)
val selection = sql-where-clause-with-placeholder-variables
val selectionArgs = values-of-placeholder-variables
val sortOrder = sql-order-by-clause

applicationContext.contentResolver.query(
    MediaStore.media-type.Media.EXTERNAL_CONTENT_URI,
    projection,
    selection,
    selectionArgs,
    sortOrder
)?.use { cursor ->
    while (cursor.moveToNext()) {
        // Use an ID column from the projection to get
        // a URI representing the media item itself.
    }
}

Uri fetched from the above operations can be used as per requirements. You can find complete operations for Shared, Scoped related examples here.

Happy Coding.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.