Modern apps must share files via content: URIs mapping to content providers providing a thin indirect access layer with a modern access control system including revocation, etc. Unfortunately some apps targeting older API levels or opting into legacy storage still use file: URIs.
Conversation
For example, Firefox and the Amaze file manager still use the obsolete Storage permissions to gain direct access to the user's home directory. They still share files to other apps via legacy file: URIs since they disabled Android 7 sharing sanity checks: hg.mozilla.org/mozilla-centra.
2
2
Replying to
Is that code still in use on Firefox Preview? The nightly recently started to be usable, and I see they solved long standing issues: e.g they have a button to propose opening an URL in an app that registered it, which wasn't possible before.
1
Replying to
Don't know, just getting increasingly annoyed with being blamed for other people's broken apps. It's totally ridiculous that Firefox disabled the sanity checks added in Android 7 with the justification that they "disagree" with having a proper storage security model...
2
Replying to
They do raise valid concerns. A simple fix would be to "own" the download directory and change the model, but they'd be the ones getting flamed. How do Chrome/Brave solve this ?
2
Turns out they have users being confused: reddit.com/r/brave_browse
forum.xda-developers.com/pixel-3-xl/hel
1
Replying to
No, it doesn't, and you're the one that's confused. Brave wasn't using the modern downloads implementation. It was broken, but not because there's anything wrong with the new download implementation for Android 10. The default downloads location for Chromium is also the same...
1
Try downloading a file in Chrome on the stock OS or Vanadium on GrapheneOS. It will be saved to the regular Downloads directly and put into the Downloads category. It may still have the Storage permission due to the upgrade process but you can toggle it off and it still works.
2
What's confusing for users is broken apps like Firefox and Amaze passing legacy file: URIs to other apps which they can't open without requiring legacy permissions. This has led to coarse Storage permissions being normalized and users not realizing it's not actually necessary.
1
Users end up blaming the wrong apps and those apps add the legacy Storage permissions to work around the problem caused by others. That's what has led to the current situation. Firefox is one of the biggest perpetrators and they participated in screwing up the whole ecosystem.
1
The Storage permissions became largely obsolete since Android 4 and 5. Android 7 tried to get apps to share files properly to stop forcing everyone to depend on the legacy permissions. Firefox disabling the sanity checks and screwing over other developers was immensely damaging.