Storage Scenarios in Android Q

Mark Murphy, CommonsWare
mmurphy@commonsware.com

New Talk, Who Dis?

New Talk, Who Dis?

Scoped Storage

Storage Scenarios in Android Q and R

still Mark Murphy, CommonsWare
still mmurphy@commonsware.com

Problem: Promiscuous Programs

  • What the user wants: to allow an app to access a single file or directory
  • What the user gets: allowing that app full run of external storage
  • WRITE_EXTERNAL_STORAGE knows no boundaries
  • Major privacy and security issue

Historical Recap

No, That's Not "Hysterical"

  • Android 1.0-1.1: no permissions needed
  • Android 1.5-4.2(?): WRITE_EXTERNAL_STORAGE
  • Android 4.3(?): ...and now READ_EXTERNAL_STORAGE

Historical Recap

This Subtitle Available For Rent

  • Android 4.4-9.0
    • No permissions needed for Context-supplied roots (e.g., getExternalFilesDir())
    • Permissions needed for Environment-supplied roots

Q Scoped Storage Rules

(as of a few hours ago)

  • No permissions needed for Context-supplied roots (e.g., getExternalFilesDir())
  • No permissions needed for Environment-supplied roots... because they are now inaccessible
🤬

Escape! Room?

  • Internal storage unaffected (e.g., Room databases, SharedPreferences, getFilesDir())
  • Opting Out
    • Add android:requestLegacyExternalStorage="true"
    • May not be allowed with Android R

Good News! It Used To Be Worse!

  • Earlier betas had "sandboxed" external storage
    • Appearance of full access, because each app had its own sandbox
    • UX fail: sandboxes were buried in Android/sandbox/...
  • Beta 1 had "roles"
  • Beta 1 and 2 had permissions by content type (e.g., READ_MUSIC)

Do Not Wait to Adapt Your App!

Scenario: Single Piece of Content

Solutions, Sorta

  • ACTION_OPEN_DOCUMENT or ACTION_CREATE_DOCUMENT
  • Respond to ACTION_VIEW or ACTION_SEND
  • Ask user to work in your app-specific external/removable storage directories

Scenario: Single Piece of Content

And Now, the Problems

  • May not get read-write Uri
  • Have to ask for durable access, may not get it
  • Limited to streams and FileDescriptor
  • Converse problem: getting file: Uri from others

Scenario: Tree o' Content

Solutions, Somewhat

  • ACTION_OPEN_DOCUMENT_TREE
  • Ask user to work in your app-specific external/removable storage directories
  • Um, yeah, that's it

Scenario: Tree o' Content

Trees Sometimes Have Bugs

  • Cloud providers may not honor ACTION_OPEN_DOCUMENT_TREE
  • Working with tree requires IPC, may be slow
  • Limited to streams and FileDescriptor

Scenario: Media

Android Q: Not Fake News

  • MediaStore still works for audio, video, images
  • Use insert() to add content that survives uninstall
  • New features in Q!
    • RELATIVE_PATH to steer storage location
    • IS_PENDING to hide listing until you write the content

Scenario: Media

Everybody's Got Issues

  • MediaStore no longer supports non-media (e.g., PDFs)
  • Need READ_EXTERNAL_STORAGE to query and find content from other apps

Casualties of Whoa!

  • File managers
  • Anything using FileObserver
  • Anything needing random access (e.g., SQLite)

I Said: Do Not Wait to Adapt Your App!

Questions?

https://commonsware.com/presos/devfestDC2019
https://tinyurl.com/devfestDC2019