Security Stuff

Aspects of the changes to scoped storage and the MediaStore pertain to security, as does the introduction of package filtering and the tweaks to permissions. In this chapter, we will explore other security changes introduced in Android 11.

New Foreground Service Types

Android 10 introduced the android:foregroundServiceType attribute for the <service> element in the manifest. Apps using certain capabilities need to declare those intentions using this attribute. For example, if your foreground service needs to use location APIs, you would need android:foregroundServiceType="location". Failing to include this attribute may mean that your app will be unable to use those capabilities when the app only has a foreground service and no foreground UI.

Despite Google’s efforts to pretend that nothing changed here, two new foreground service types were added in Android 11:

• camera
• microphone

In addition, these two new foreground service types have an interesting phrase in the JavaDoc comments for their corresponding ServiceInfo constants: FOREGROUND_SERVICE_TYPE_CAMERA and FOREGROUND_SERVICE_TYPE_MICROPHONE:

For apps with targetSdkVersion Build.VERSION_CODES.R and above, a foreground service will not be able to access the [camera|microphone] if this type is not specified in the manifest and in Service.startForeground(int, android.app.Notification, int).

Normally, we can use the two-parameter startForeground() on Service to establish our service as a foreground service. That method implies that we want to use all of the foreground service type flags specified in android:foregroundServiceType in the manifest. The documentation’s use of “and”, though, suggests that for camera and microphone that we not only need them in the manifest but also need to pass them specifically to the three-parameter startForeground() method, which takes a bitmask of foreground service types as the third parameter.

However, elsewhere in the documentation, we have:

If your app starts a foreground service while running in the background, the foreground service cannot access the microphone or camera.

So, if you use the camera or microphone APIs from a foreground service, you should test your app early and often on Android 11.