Android has a standard background restriction toggle in Android 12. It's in the Battery section of app settings where the default is Optimized and you can set it to Restricted which delays jobs, alarms, broadcasts, etc. until the app is manually started by the user.
Conversation
The 3rd (non-default) Unrestricted mode replaces the prior battery restriction toggle. It's not presented as a privacy feature because it doesn't really make any strong guarantees. Another app can still call a service they export such as Play services delivering an FCM message.
2
1
So they can't simply run on their own in the background but they can get opportunities to run code in response to another app including Play services which happens all the time via FCM. Android 12's toggle does much more than all the prior third party attempts at it though.
1
Force stopping an app puts it into the STOPPED state which is also the state of a freshly installed app. It can still be launched by another app. A possible future improvement (could do it in GrapheneOS) would be making it so that only the launcher can start a force stopped app.
2
1
Replying to
Yeah, but that would require having another malicious app conspiring with the one blocked from background execution that's in foreground or not also blocked from background execution, no?
1
Replying to
Yeah, it would require an app conspiring. It's complex to enforce all the restrictions and they are gradually removing loopholes and making it stricter.
Apps are forced to use foreground services + ask for battery optimization exception to work around the stricter rules.
1
Since you can grant Unrestricted mode and the app can then freely run a foreground service all the time to avoid being frozen, you can still do everything you could before. It's unfortunately often portrayed as if these yearly improvements have reduced background functionality.
1
It has only reduced functionality for apps which don't want to make sketchy behavior visible to users.
Users do sometimes get annoyed about the mandatory foreground service notifications if they don't realize they can configure notification priority or outright disable them.
1
1
I think the OS really needs some optional tutorials for these things. It would also help a lot if most vendors simply used the standard UI instead of making significant changes... some of them actually remove useful privacy / security features like user profiles.
1
2
A major issue is that users don't know what's possible without permissions such as asking the user to pick a contact via system UI or using the system file manager to have them pick one or more files / directories for loading or saving files, etc.
1
1
Users are at a significant disadvantage and the app ecosystem is full of malicious and lazy developers.
Even in the open source app ecosystem, most developers take the approach that they should just get access to everything and users should trust their app. It's not great.
For example, the fact that the system file manager UI approach was introduced in Android 4.4 and extended to directories in 5.0 but the vast majority of apps didn't bother with it until recently when they got forced. They also made a huge fuss about users being in control of it.
1
2
It doesn't do much good to have a privacy friendly way of doing things if users aren't very aware of it and devs use a bulk access request. It's nice that this got solved for generic file access for modern API levels but they still have bulk access permissions for indexed media.
1