In Android 9, apps within the same profile were each given their own SELinux MLS level to fully isolate them from each other, except through system APIs. This removed the ability for apps to make their internal data world writable / readable to share it via legacy file: URIs.
Conversation
Modern apps must share files via content: URIs mapping to content providers providing a thin indirect access layer with a modern access control system including revocation, etc. Unfortunately some apps targeting older API levels or opting into legacy storage still use file: URIs.
1
2
For example, Firefox and the Amaze file manager still use the obsolete Storage permissions to gain direct access to the user's home directory. They still share files to other apps via legacy file: URIs since they disabled Android 7 sharing sanity checks: hg.mozilla.org/mozilla-centra.
2
2
Replying to
Is that code still in use on Firefox Preview? The nightly recently started to be usable, and I see they solved long standing issues: e.g they have a button to propose opening an URL in an app that registered it, which wasn't possible before.
1
Replying to
Don't know, just getting increasingly annoyed with being blamed for other people's broken apps. It's totally ridiculous that Firefox disabled the sanity checks added in Android 7 with the justification that they "disagree" with having a proper storage security model...
2
Replying to
They do raise valid concerns. A simple fix would be to "own" the download directory and change the model, but they'd be the ones getting flamed. How do Chrome/Brave solve this ?
2
Turns out they have users being confused: reddit.com/r/brave_browse
forum.xda-developers.com/pixel-3-xl/hel
1
Replying to
No, it doesn't, and you're the one that's confused. Brave wasn't using the modern downloads implementation. It was broken, but not because there's anything wrong with the new download implementation for Android 10. The default downloads location for Chromium is also the same...
1
Try downloading a file in Chrome on the stock OS or Vanadium on GrapheneOS. It will be saved to the regular Downloads directly and put into the Downloads category. It may still have the Storage permission due to the upgrade process but you can toggle it off and it still works.
2
Replying to
I see, it's only when sharing to other apps. So that means that if you uninstall the web/file browser with which you opened a document, you can no longer access the document with a content uri in the target app.
1
Replying to
It'd be strange to enable the toggle to grant persistent access for a file shared that way in the first place. If the app needs persistent access, it should request it. This is how sharing files / storage access works on Android. Storage permissions have been legacy for years.
Due to apps like Firefox screwing things up, users have a total misunderstanding of how things work and don't realize that the Storage permissions aren't needed. Users don't realize they've already been making heavy use of the modern system and that not much will change for them.
1
1
The reason so many apps require the legacy Storage permissions is not because that many apps actually require it but because everyone needed to add it to work around broken apps like Firefox deliberately not acting as good citizens and screwing over other app developers.
1
Show replies