I'll need to decide if it's worth porting features to Android P that are already going to be provided by Android Q. It makes more sense to focus on changes still relevant for Android Q, including a dozen features that were planned out but not yet implemented (not listed there).
Conversation
AndroidHardening has always been focused on under the hood changes preserving app compatibility and avoiding changes to the user experience. That led to the vast majority of the work being dedicated to improving security of the OS and apps. Privacy changes are usually disruptive.
1
Privacy changes are inherently breaks in compatibility and the AndroidHardening project is not in a position to force the app ecosystem to adapt, unlike the upstream Android project. Downstream implementations require exposing more toggles and disabling some of it by default.
1
For example, Android P was able to eliminate background audio, camera and sensors access by forcing apps to do it in the foreground, including via foreground services where audio recording is displayed to the user. The AndroidHardening approach had to expose toggles to end users.
This Tweet was deleted by the Tweet author. Learn more
It's far better to force apps to run in the foreground including via a foreground service marked by the OS as recording audio. I don't think there should be a way to grant apps the ability to silently use the microphone, camera and sensors from fully in the background.
1
Replying to
However, when implementing features downstream, they have to be implemented in a way that retains app compatibility. I'm not in a position to force apps to make substantial changes like using a foreground service or totally moving to the Storage Access Framework for user consent.
1
Replying to
As it exists right now, Android Q almost completely removes old style shared storage access from apps. The user can still fully access it all via the system file manager, but other apps cannot. They need to be given access to files/directories case by case via user consent (SAF).
1
Replying to
Old style access will only provide access to a private directory. The difference from the internal app storage is that the user can access it via a file manager. It will no longer be possible for apps to access the dedicated external storage of another app, just like internal.
1
Replying to
I had planned to make an isolated shared storage feature, but it was going to be optional via a toggle and it would have needed to create a directory tree with a sub-directory for each app emulating the top level shared storage, with that forced as their top level by default.
1
Replying to
Essentially, it would have been a lot messier, and I was going to have a toggle to preserve the ability to avoid this messier way of handling it where the user would have had to do more work moving around files with the file manager. Forcing apps to use SAF is a far better way.
Replying to
SAF lets them access anything like before, but the user has to grant access on a case-by-case basis. When the user wants to load or store a file, they press the button in the app, and it can use SAF which opens the system file manager UI, allowing them to choose anything.
1
Replying to
The app cannot load or store arbitrary data to shared storage though. It can only access what the user has granted to it, including directories. It's a far better way of doing things. Most apps should have been using SAF, like my PDF Viewer (no storage permissions needed).
1
Show replies