Adapting your app for Android 11 privacy changes

Su Myat
August 09, 2020

Security and privacy have always been core to how the Android framework is designed, and with every new release a significant focus is placed on improving the security and privacy of the Android platform. This presentation gives an overview of the most important updates in Android 11, which aim to make the platform more secure and the apps we develop more user-privacy-centric. It discusses how one-time permissions, permission auto-reset, and changes to background location access drive towards this goal.

Transcript

  1. GDG Location: Android 11 brings greater protection to user data
    • Data access auditing
    • Permission changes
    • Package visibility
    • Foreground service types
    • Scoped storage
  2. Do I need to change anything to work with one-time permissions?
    Nothing!* (* if you're currently following permission best practices)
  3. when {
        checkSelfPermission(...) == GRANTED -> {
            // Permission already granted: perform the action.
        }
        shouldShowRequestPermissionRationale(...) -> {
            // Show in-context rationale, then request.
        }
        else -> {
            requestPermissions(...)
        }
    }
  5. override fun onRequestPermissionsResult(...) {
        when (requestCode) {
            MY_PERMISSION_REQUEST_CODE -> {
                // grantResults is empty if the request was cancelled, so guard before indexing.
                if (grantResults.isNotEmpty() && grantResults[0] == PERMISSION_GRANTED) {
                    // Permission is granted. Perform action.
                } else {
                    // Explain to user: feature isn't available.
                }
                return
            }
        }
    }
  6. Location permission is special: it is split into Foreground and Background access.
    Foreground access (app is visible, or running a foreground service with the location type):
    • ACCESS_COARSE_LOCATION
    • ACCESS_FINE_LOCATION (accurate location)
    Background access (e.g. geofences, or WorkManager/AlarmManager work in the background):
    • ACCESS_BACKGROUND_LOCATION
  7. Foreground location access: ACCESS_COARSE_LOCATION or ACCESS_FINE_LOCATION
    • On all versions, this requests foreground access.
    • On pre-Android 10, background access is implied.
    ActivityCompat.requestPermissions(
        /* Activity */ this,
        /* Request FG alone */ arrayOf(ACCESS_COARSE_LOCATION),
        /* RequestCode */ 100
    )
  8. Diagram (target API level 'R'): My App requests ACCESS_COARSE_LOCATION; if shouldShowRequestPermissionRationale is true, an in-context UI (you define it) is shown first. At some point later the app requests ACCESS_BACKGROUND_LOCATION, which redirects to a settings page; that page has a limit similar to a denied request. Background location access is requested incrementally, only after foreground access has been granted.
  9. Diagram (target API level 29 or lower): My App requests ACCESS_BACKGROUND_LOCATION and ACCESS_COARSE_LOCATION together. Redirection to this screen is limited. An all-at-once location request is not possible after targeting Android 11.
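As an added example (not code from the deck), the incremental flow of slides 6 to 9 in a single Activity: foreground access is requested alone, background access only once foreground has been granted. FindFriendsActivity, the request codes and the Log calls standing in for the app's own UI are assumptions.

```kotlin
import android.Manifest
import android.app.Activity
import android.content.pm.PackageManager
import android.os.Build
import android.util.Log
import androidx.core.app.ActivityCompat
import androidx.core.content.ContextCompat

// Added example (not from the deck): foreground location first, background only afterwards.
class FindFriendsActivity : Activity() {
    companion object {
        private const val TAG = "FindFriends"
        private const val FG_REQUEST_CODE = 100   // request codes are arbitrary, chosen here
        private const val BG_REQUEST_CODE = 101
    }
    private fun granted(permission: String) =
        ContextCompat.checkSelfPermission(this, permission) == PackageManager.PERMISSION_GRANTED

    /** Step 1: foreground access alone; ACCESS_BACKGROUND_LOCATION must not be bundled in. */
    fun requestForegroundLocation() {
        val fg = Manifest.permission.ACCESS_COARSE_LOCATION
        when {
            granted(fg) -> onForegroundLocationReady()
            ActivityCompat.shouldShowRequestPermissionRationale(this, fg) ->
                Log.i(TAG, "Show the in-context rationale UI, then request again")
            else -> ActivityCompat.requestPermissions(this, arrayOf(fg), FG_REQUEST_CODE)
        }
    }

    /** Step 2: background access, requested incrementally once foreground access is granted. */
    private fun onForegroundLocationReady() {
        val bg = Manifest.permission.ACCESS_BACKGROUND_LOCATION
        when {
            Build.VERSION.SDK_INT < Build.VERSION_CODES.Q -> Log.i(TAG, "Pre-Android 10: background implied")
            granted(bg) -> Log.i(TAG, "Background location granted: geofences can be registered")
            // On Android 11 this sends the user to the system settings page for the permission.
            else -> ActivityCompat.requestPermissions(this, arrayOf(bg), BG_REQUEST_CODE)
        }
    }

    override fun onRequestPermissionsResult(requestCode: Int, permissions: Array<out String>, grantResults: IntArray) {
        super.onRequestPermissionsResult(requestCode, permissions, grantResults)
        // grantResults is empty when the dialog is dismissed, so guard before indexing it.
        val ok = grantResults.isNotEmpty() && grantResults[0] == PackageManager.PERMISSION_GRANTED
        when (requestCode) {
            FG_REQUEST_CODE -> if (ok) onForegroundLocationReady() else Log.i(TAG, "Feature unavailable")
            BG_REQUEST_CODE -> Log.i(TAG, if (ok) "Background granted" else "Staying foreground-only")
        }
    }
}
```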
  10. Auto-reset permissions (target API level 'R'). Use cases where an app may ask the user to keep its permissions: provide family safety, sync data, smart device connectivity app, paired to companion devices. Settings.ACTION_APPLICATION_DETAILS_SETTINGS opens the app's settings page, where the user can turn auto-reset off.
  11. Diagram: private data provided to the app (Location, Contacts, Microphone) flows into code. Concerns: unexpected private data use, dependencies, orphan code.
  12. What code uses private data? Private data (Location, Contacts, Microphone) provided to the app -> Code (e.g. stack traces).
  13. What code uses private data? API-provided mapping: code <- private data. Private data (Location, Contacts, Microphone) provided to the app -> Code (e.g. stack traces).
  14. Setting up the data access operation callback:
    val appOpsManager = getSystemService(AppOpsManager::class.java)
    ...
    appOpsManager.setOnOpNotedCallback(mainExecutor, appOpsCallback)
    The callback is notified of synchronous access and asynchronous access ...
  15. What feature uses private data? Dev-provided mapping: code <-> feature. API-provided mapping: feature <- data access. Features: Navigation, Explore, Nearby shopping, Find friends, Default. Data: Location, Contacts, Microphone.
  17. Using attribution context
    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        attributionContext = createAttributionContext("find_friends")
    }
    // ... use attributionContext as the argument for the API calls made by this feature
    val appOpsCallback = object : AppOpsManager.OnOpNotedCallback() {
        override fun onNoted(syncNotedAppOp: SyncNotedAppOp) {
            ... syncNotedAppOp.attributionTag   // "find_friends"
        }
        override fun onSelfNoted(syncNotedAppOp: SyncNotedAppOp) { ... }
        override fun onAsyncNoted(asyncNotedAppOp: AsyncNotedAppOp) { ... }
    }
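An added example (not the deck's code) that combines slides 14 and 17: a complete OnOpNotedCallback covering synchronous, self-noted and asynchronous access, plus a location read made through an attribution context so the callback can name the feature. DataAccessAudit is a constructed object, and it assumes the manifest declares a find_friends attribution tag.

```kotlin
import android.app.AppOpsManager
import android.app.AsyncNotedAppOp
import android.app.SyncNotedAppOp
import android.content.Context
import android.content.pm.PackageManager
import android.location.Location
import android.location.LocationManager
import android.os.Build
import android.util.Log
import androidx.annotation.RequiresApi
// Added example (not from the deck). Assumes the manifest declares the tag:
//   <attribution android:tag="find_friends" android:label="@string/find_friends" />
@RequiresApi(Build.VERSION_CODES.R)
object DataAccessAudit {
    private const val TAG = "DataAccessAudit"
    // One callback per process: setOnOpNotedCallback throws if one is already installed.
    private val callback = object : AppOpsManager.OnOpNotedCallback() {
        // Synchronous access: a data API was called on this thread; the stack trace points at the code.
        override fun onNoted(op: SyncNotedAppOp) =
            report("sync", op.op, op.attributionTag, Log.getStackTraceString(Throwable()))
        // The app noted an op on its own behalf (e.g. via AppOpsManager.noteOp).
        override fun onSelfNoted(op: SyncNotedAppOp) =
            report("self", op.op, op.attributionTag, Log.getStackTraceString(Throwable()))
        // Asynchronous access: data arrived through a callback; message carries the system's trace.
        override fun onAsyncNoted(op: AsyncNotedAppOp) =
            report("async", op.op, op.attributionTag, op.message)
    }

    private fun report(kind: String, op: String, tag: String?, where: String) {
        // The tag maps the access back to a feature; null means the plain app context was used.
        Log.w(TAG, "$kind access to $op by feature ${tag ?: "default"}\n$where")
    }

    fun install(context: Context) {
        val appOps = context.getSystemService(AppOpsManager::class.java)
        appOps.setOnOpNotedCallback(context.mainExecutor, callback)
    }

    /** Reads the last known location through a context attributed to the requesting feature. */
    fun lastLocationFor(context: Context, featureTag: String): Location? {
        val perm = android.Manifest.permission.ACCESS_COARSE_LOCATION
        if (context.checkSelfPermission(perm) != PackageManager.PERMISSION_GRANTED) return null
        val attributed = context.createAttributionContext(featureTag)
        val lm = attributed.getSystemService(LocationManager::class.java)
        return lm.getLastKnownLocation(LocationManager.NETWORK_PROVIDER)
    }
}
```

Call install() once (for example from Application.onCreate) and lastLocationFor(context, "find_friends") from the feature; the logged line then carries the "find_friends" tag rather than "default".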
  18. Foreground Service Types. Android 10 introduced the concept of types: Companion device, Media Projection, Location, Sync, Media Player, Phone Call. Enforced to ensure accountability for access.
  19. Foreground Service Types, Android 11 (target API level 'R'):
    <manifest>
        ...
        <service ...
            android:foregroundServiceType="camera" />
    </manifest>
  20. Foreground Service Types, Android 11 (target API level 'R'), a service that uses both camera and microphone:
    <manifest>
        ...
        <service ...
            android:foregroundServiceType="camera|microphone" />
    </manifest>
  21. Package visibility (target API level 'R'): no change required in most cases! Diagram: your app queries the PackageManager and interacts with other apps.
  22. Query and interact with specific apps. Declare package names in the <queries> element of the manifest to 'see' specific apps.
    <manifest>
        <queries>
            <package android:name="com.example.store" />
            <package android:name="com.example.service" />
            ...
        </queries>
        ...
    </manifest>
  23. Query and interact with apps based on intent filters. Declare intents in the <queries> element to 'see' apps that handle certain intents.
    <manifest>
        <queries>
            <intent>
                <action android:name="android.intent.action.SEND" />
                <data android:mimeType="image/jpeg" />
            </intent>
        </queries>
        ...
    </manifest>
  24. Interacting with all apps
    • Shouldn't be necessary for most apps.
    • Available "Normal" permission that allows querying and interacting with all installed apps:
      <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES" />
    Look for Google Play to provide upcoming guidelines for apps that need this permission. Let us know your use cases.
  25. Control how your intent is handled
    val url = "https://news.google.com"
    val intent = Intent(ACTION_VIEW, Uri.parse(url)).apply {
        flags = FLAG_ACTIVITY_NEW_TASK
    }
    startActivity(intent)
  26. Control how your intent is handled
    val url = "https://news.google.com"
    val intent = Intent(ACTION_VIEW, Uri.parse(url)).apply {
        flags = FLAG_ACTIVITY_NEW_TASK or FLAG_ACTIVITY_REQUIRE_NON_BROWSER
    }
    try {
        startActivity(intent)
    } catch (e: ActivityNotFoundException) {
        // No default native app for this URL: handle the content in-app.
    }
    ActivityNotFoundException is thrown if there is no default native app; the app can then handle the content on its own.
  27. Testing package visibility. Enable package filtering logging (default on for debuggable apps):
    adb shell pm log-visibility --enable your-package-name
    Sample logcat output:
    I/AppsFilter: interaction: PackageSetting{7654321 com.example.myapp/12345} -> PackageSetting{...} BLOCKED
  28. Scoped Storage, introduced with Android 10: separate storage into collections and limit broad access to shared storage.
    • Better attribution
    • Protect app data
    • Protect user data
    Shared storage: the Photo/Video/Music/Audio collections are gated behind the Files & Media permission; Documents and other files are only accessible to apps via the system picker.
  29. Scoped Storage in Android 10
    • Unrestricted media and downloads contributions
    • Only media collections can be read with the storage permission
    • Location metadata requires permission
    • System picker for all other file types
    • Reading or writing outside of collections requires the system picker
    Enforced by target SDK, but with an option to opt out.
  30. Storage permission changes
    • Storage renamed to Files & Media
    • With targetSdkVersion=R:
      ◦ WRITE_EXTERNAL_STORAGE and WRITE_MEDIA_STORAGE do not grant any additional write access.
  31. Media store API and bulk edit access
    • Improved consent UI for bulk edits
    • Supported operations:
      ◦ Write access
      ◦ Designate media as "favorites"
      ◦ Put media into trash
      ◦ Delete access
  32. Media store API and bulk edit access
    val urisToModify = listOf(...some set of content:// URIs...)
    val editPendingIntent = MediaStore.createWriteRequest(contentResolver, urisToModify)
    startIntentSenderForResult(editPendingIntent.intentSender, EDIT_REQUEST_CODE, ...)

    override fun onActivityResult(...) {
        ...
        when (requestCode) {
            EDIT_REQUEST_CODE -> if (resultCode == Activity.RESULT_OK) {
                // Request granted: edit the media.
            }
        }
    }
  33. Direct file path access for media: enable native libraries and Java file APIs
    • Android 10 locked down file path access
    • All apps are recommended to use MediaStore
    • File path access is really a proxy into MediaStore
    • MediaStore enforcements are maintained
  34. Fine-grained Phone permissions (target API level 'R'). Diagram: call states (ringing? idle?) -> READ_PHONE_STATE; phone numbers (getLine1Number(), getMsisdn()) -> READ_PHONE_NUMBERS.
  35. Fine-grained Phone permissions (target API level 'R'):
    <!-- Request on pre-Android 11 -->
    <uses-permission android:maxSdkVersion="29"
        android:name="android.permission.READ_PHONE_STATE" />
    <!-- Request on Android 11+ -->
    <uses-permission android:name="android.permission.READ_PHONE_NUMBERS" />
  36. MAC Address Restrictions (target API level 'R'). Non-system apps targeting Android 11:
    • Can no longer access the MAC address of network interfaces
      ◦ NetworkInterface#getHardwareAddress() returns null for every network interface
      ◦ getifaddrs() response no longer includes MAC address information
      ◦ RTM_GETLINK NetLink requests are blocked
    • Can only list network interfaces that have an IP address set
      ◦ NetworkInterface#getNetworkInterfaces() and getifaddrs() return only network interfaces that have an IPv4 address
    • Can no longer use bind() on NETLINK_ROUTE sockets
      ◦ Supported alternative: use ConnectivityManager instead
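An added example (not from the deck) of what slide 36 means for app code: the Java NetworkInterface view, which must tolerate a null hardware address and a shortened interface list when targeting Android 11, beside the ConnectivityManager alternative. InterfaceInfo and its Link class are constructed for this example.

```kotlin
import android.content.Context
import android.net.ConnectivityManager
import android.net.LinkAddress
import java.net.NetworkInterface

// Added example (not from the deck): what the Java API still shows, and the supported alternative.
object InterfaceInfo {
    data class Link(val name: String?, val addresses: List<LinkAddress>)

    /** One line per interface. When targeting Android 11 only interfaces with an IPv4 address
     *  are listed and hardwareAddress is null for all of them, so null is rendered as "unavailable". */
    fun describeJavaInterfaces(): List<String> =
        NetworkInterface.getNetworkInterfaces()?.toList().orEmpty().map { nif ->
            val mac = nif.hardwareAddress?.joinToString(":") { "%02x".format(it) } ?: "unavailable"
            val addrs = nif.inetAddresses.toList().joinToString(",") { it.hostAddress ?: "?" }
            "${nif.name} mac=$mac addrs=[$addrs]"
        }

    /** Supported alternative: ConnectivityManager (needs ACCESS_NETWORK_STATE) reports the active
     *  network's interface name and addresses without touching NETLINK_ROUTE or MAC addresses. */
    fun activeLink(context: Context): Link? {
        val cm = context.getSystemService(ConnectivityManager::class.java)
        val network = cm.activeNetwork ?: return null
        val props = cm.getLinkProperties(network) ?: return null
        return Link(props.interfaceName, props.linkAddresses)
    }
}
```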