New Talk, Who Dis?

New Talk, Who Dis?

Scoped Storage

Storage Scenarios in Android Q and R

Problem: Promiscuous Programs

• What the user wants: to allow an app to access a single file or directory
• What the user gets: allowing that app full run of external storage
• WRITE_EXTERNAL_STORAGE knows no boundaries
• Major privacy and security issue

Historical Recap

No, That's Not "Hysterical"

• Android 1.0-1.1: no permissions needed
• Android 1.5-4.2(?): WRITE_EXTERNAL_STORAGE
• Android 4.3(?): ...and now READ_EXTERNAL_STORAGE

Historical Recap

This Subtitle Available For Rent

• Android 4.4-9.0
  • No permissions needed for Context-supplied roots (e.g., getExternalFilesDir())
  • Permissions needed for Environment-supplied roots

Q Scoped Storage Rules

(as of a few hours ago)

• No permissions needed for Context-supplied roots (e.g., getExternalFilesDir())
• No permissions needed for Environment-supplied roots... because they are now inaccessible

Escape! Room?

• Internal storage unaffected (e.g., Room databases, SharedPreferences, getFilesDir())
• Opting Out
  • Add android:requestLegacyExternalStorage="true"
  • May not be allowed with Android R

Good News! It Used To Be Worse!

• Earlier betas had "sandboxed" external storage
  • Appearance of full access, because each app had its own sandbox
  • UX fail: sandboxes were buried in Android/sandbox/...
• Beta 1 had "roles"
• Beta 1 and 2 had permissions by content type (e.g., READ_MUSIC)

Do Not Wait to Adapt Your App!

Scenario: Single Piece of Content

Solutions, Sorta

• ACTION_OPEN_DOCUMENT or ACTION_CREATE_DOCUMENT
• Respond to ACTION_VIEW or ACTION_SEND
• Ask user to work in your app-specific external/removable storage directories

Scenario: Single Piece of Content

And Now, the Problems

• May not get read-write Uri
• Have to ask for durable access, may not get it
• Limited to streams and FileDescriptor
• Converse problem: getting file: Uri from others

Scenario: Tree o' Content

Solutions, Somewhat

• ACTION_OPEN_DOCUMENT_TREE
• Ask user to work in your app-specific external/removable storage directories
• Um, yeah, that's it

Scenario: Tree o' Content

Trees Sometimes Have Bugs

• Cloud providers may not honor ACTION_OPEN_DOCUMENT_TREE
• Working with tree requires IPC, may be slow
• Limited to streams and FileDescriptor

Scenario: Media

Android Q: Not Fake News

• MediaStore still works for audio, video, images
• Use insert() to add content that survives uninstall
• New features in Q!
  • RELATIVE_PATH to steer storage location
  • IS_PENDING to hide listing until you write the content

Scenario: Media

Everybody's Got Issues

• MediaStore no longer supports non-media (e.g., PDFs)
• Need READ_EXTERNAL_STORAGE to query and find content from other apps

Casualties of Whoa!

• File managers
• Anything using FileObserver
• Anything needing random access (e.g., SQLite)

I Said: Do Not Wait to Adapt Your App!

Questions?