Privacy changes are inherently breaks in compatibility and the AndroidHardening project is not in a position to force the app ecosystem to adapt, unlike the upstream Android project. Downstream implementations require exposing more toggles and disabling some of it by default.
Conversation
For example, Android P was able to eliminate background audio, camera and sensors access by forcing apps to do it in the foreground, including via foreground services where audio recording is displayed to the user. The AndroidHardening approach had to expose toggles to end users.
This Tweet was deleted by the Tweet author. Learn more
It's far better to force apps to run in the foreground including via a foreground service marked by the OS as recording audio. I don't think there should be a way to grant apps the ability to silently use the microphone, camera and sensors from fully in the background.
1
Replying to
However, when implementing features downstream, they have to be implemented in a way that retains app compatibility. I'm not in a position to force apps to make substantial changes like using a foreground service or totally moving to the Storage Access Framework for user consent.
1
Replying to
As it exists right now, Android Q almost completely removes old style shared storage access from apps. The user can still fully access it all via the system file manager, but other apps cannot. They need to be given access to files/directories case by case via user consent (SAF).
1
Replying to
Old style access will only provide access to a private directory. The difference from the internal app storage is that the user can access it via a file manager. It will no longer be possible for apps to access the dedicated external storage of another app, just like internal.
1
Replying to
I had planned to make an isolated shared storage feature, but it was going to be optional via a toggle and it would have needed to create a directory tree with a sub-directory for each app emulating the top level shared storage, with that forced as their top level by default.
1
Replying to
Essentially, it would have been a lot messier, and I was going to have a toggle to preserve the ability to avoid this messier way of handling it where the user would have had to do more work moving around files with the file manager. Forcing apps to use SAF is a far better way.
1
Replying to
SAF lets them access anything like before, but the user has to grant access on a case-by-case basis. When the user wants to load or store a file, they press the button in the app, and it can use SAF which opens the system file manager UI, allowing them to choose anything.
1
Replying to
The app cannot load or store arbitrary data to shared storage though. It can only access what the user has granted to it, including directories. It's a far better way of doing things. Most apps should have been using SAF, like my PDF Viewer (no storage permissions needed).
Replying to
However, app devs are always going to take the path of least resistance, which is demanding bulk access permissions from the user and doing whatever they want without explicit user consent forever, since users aren't in a position to deny it, when app devs made no alternative.
1
Replying to
Permission toggles are not a model that works well. The app coerces users into granting permissions by not providing alternatives. Apps have been able to store / load files, take pictures, pick contacts, etc. without permissions for years but they rarely ever take that approach.
1
Show replies