Android 10 deprecated the Storage permissions and they aren't they available with the current API level without temporarily opting into the legacy storage model. Android 4 introduced SAF to access files via case-by-case user consent and Android 5 extended it to directory access.
Conversation
In Android 4, SAF became mandatory to access external drives. Apps had to support SAF to provide full functionality. Android 7 deprecated passing files via file: URI to avoid the app receiving a file from needing to depend on the legacy Storage permissions due to the other app.
1
1
In Android 9, apps within the same profile were each given their own SELinux MLS level to fully isolate them from each other, except through system APIs. This removed the ability for apps to make their internal data world writable / readable to share it via legacy file: URIs.
1
1
Modern apps must share files via content: URIs mapping to content providers providing a thin indirect access layer with a modern access control system including revocation, etc. Unfortunately some apps targeting older API levels or opting into legacy storage still use file: URIs.
1
2
For example, Firefox and the Amaze file manager still use the obsolete Storage permissions to gain direct access to the user's home directory. They still share files to other apps via legacy file: URIs since they disabled Android 7 sharing sanity checks: hg.mozilla.org/mozilla-centra.
2
2
Replying to
Is that code still in use on Firefox Preview? The nightly recently started to be usable, and I see they solved long standing issues: e.g they have a button to propose opening an URL in an app that registered it, which wasn't possible before.
1
Replying to
Don't know, just getting increasingly annoyed with being blamed for other people's broken apps. It's totally ridiculous that Firefox disabled the sanity checks added in Android 7 with the justification that they "disagree" with having a proper storage security model...
2
Replying to
They do raise valid concerns. A simple fix would be to "own" the download directory and change the model, but they'd be the ones getting flamed. How do Chrome/Brave solve this ?
2
Replying to
They share files properly with content: URIs like any other sane app. At the very least, they've been sharing files properly since Android 7 when passing file: URIs was officially deprecated. Firefox chose to disable the exception caused by the linting performed by the OS.
Since targeting Android 10, Chromium no longer requires the Storage permissions to download files either. It doesn't have to opt into the legacy storage model. Downloads is a special case and storing data there is permitted without requiring SAF to request access from users.
1
Apps can only access their own files there, of course, without being explicitly granted access to other files by users. The Storage permissions are completely obsolete and aren't used by modern apps. They simply aren't available at all. Firefox is not compatible with modern apps.
1
Show replies