Adapting your app for Android 11 privacy changes

Transcript

1. GDG Location Adapting your apps for Android 11 privacy changes

   @jessica_sumyat

2. GDG Location Privacy changes

3. GDG Location Android 11: Brings greater protection to user data

   Data access auditing Permission changes Package visibility Foreground service types Scoped storage

4. GDG Location Permission changes

5. GDG Location

6. GDG Location

7. GDG Location

8. GDG Location

9. GDG Location Do I need to change anything to work

   with one-time permissions? Nothing! * * if you’re currently following permission best practices

10. GDG Location when { checkSelfPermission(...) == GRANTED -> { //

    Perform action. } shouldShowRequestPermissionRationale(..) -> { // Show in-context rationale. } else -> { requestPermissions(...) } }

11. GDG Location when { checkSelfPermission(...) == GRANTED -> { //

    Perform action. } shouldShowRequestPermissionRationale(..) -> { // Show in-context rationale. } else -> { requestPermissions(...) } }

12. GDG Location override fun onRequestPermissionsResult(...) { when (requestCode) { MY_PERMISSION_REQUEST_CODE

    -> { if ((grantResults[0] == PERMISSION_GRANTED)) { // Permission is granted. Perform action. } else { // Explain to user: feature isn't // available. } return } } }

13. GDG Location Location Permission is special it’s split in Foreground

    and Background access Foreground access (App is visible or running a Foreground Service with Location type) • ACCESS_COARSE_LOCATION • ACCESS_FINE_LOCATION (accurate location) Background access (i.e Geofence or WorkManager/AlarmManager in BG) • ACCESS_BACKGROUND_LOCATION

14. GDG Location Foreground location access ACCESS_COARSE_LOCATION or ACCESS_FINE_LOCATION •On all

    versions, this requests foreground access. •On pre-Android 10, background access is implied. ActivityCompat.requestPermissions( /* Activity */ this, /* Request BG alone */ arrayOf(ACCESS_COARSE_LOCATION), /* RequestCode */ 100 )

15. GDG Location Page has a limit similar to Deny Request

    ACCESS_BACKGROUND_LOCATIO N At some point ACCESS_COARSE_LOCATIO N My App Target API level 'R' If show rational is true: IN-CONTEXT UI (you define it) Background location access request incrementally only after Foreground has been granted

16. GDG Location Redirection to this screen is limited ACCESS_BACKGROUND_LOCATION ACCESS_COARSE_LOCATION

    My App Target API level 29 or lower All at once location request not possible after targeting Android 11

17. GDG Location Target API level 'R' Auto-reset permissions

18. GDG Location Target API level 'R' Auto-reset permissions Provide family

    safety Sync data Smart device connectivity app Paired to companion devices Settings.ACTION_APPLICATION_DETAILS_SETTINGS

19. GDG Location Data access auditing or: Why did my app

    use that data?

20. GDG Location Give users transparency to data access.

21. GDG Location Location Contacts Microphone Code Private data provided to

    app Unexpected private data use Dependencies Orphan code

22. GDG Location Callbacks on data access Feature tagging New APIs

23. GDG Location Location Contacts Microphone Code (e.g. == Stack traces)

    Private data Provided to app What code uses privata data?

24. GDG Location Code (e.g. == Stack traces) Private data Provided

    to app API provided mapping code <- private data What code uses privata data? Location Contacts Microphone

25. GDG Location Setting up data access operation callback val appOpsManager

    = getSystemService(AppOpsManager::class.java) ... appOpsManager.setOnOpNotedCallback(mainExecutor, appOpsCallback) Synchronous access Asynchronous access ...

26. GDG Location What feature uses private data? Dev provided mapping

    code <-> feature API provided mapping feature <- data access Navigation Explore Nearby shopping Find friends Default Location Contacts Microphone

27. GDG Location What feature uses private data? Dev provided mapping

    code <-> feature API provided mapping feature <- data access Navigation Explore shopping Find friends Default Location Contacts Microphone

28. GDG Location Using attribution context override fun onCreate(savedInstanceState: Bundle?) {

    attributionContext = createAttributionContext("find_friends") } ...argument for API calls val appOpsCallback = object : AppOpsManager.OnOpNotedCallback() { override fun onNoted(syncNotedAppOp: SyncNotedAppOp) { ... syncNotedAppOp.attributionTag } } “find_friends”

29. GDG Location New Foreground Service Types

30. GDG Location Companion device Media Projection Location Foreground Service Types

    Android 10 • Introduced the concept of types Sync Media Player Phone Call c Enforced to ensure accountability for access

31. GDG Location Foreground Service Types Android 11 Target API level

    'R' <manifest> ... <service ... android:foregroundServiceType="camera" /> </manifest>

32. GDG Location Foreground Service Types Android 11 Target API level

    'R' <manifest> ... <service ... android:foregroundServiceType="camera|microphone" /> </manifest>

33. GDG Location Foreground Service Types

34. GDG Location Package Visibility

35. GDG Location Seeing all installed apps packageManager.getInstalledPackages(0)

36. GDG Location Package visibility No change required in most cases!

    Target API level 'R' interact query PackageManager your app other apps

37. GDG Location Unaffected common interactions getPackageInfo(getPackageName(), 0) your app Target

    API level 'R'

38. GDG Location Unaffected common interactions getInstalledPackages(0) your app system pkgs

    'R' Target API level

39. GDG Location Unaffected common interactions your app 'R' IMAGE_CAPTURE Implicit

    intent Target API level

40. GDG Location Unaffected common interactions your app 'R' Target API

    level results another app

41. GDG Location Default behavior getPackageInfo("another.app", 0) NameNotFound Exception 'R' Target

    API level

42. GDG Location Query and interact with specific apps Declare package

    names in <queries> element of manifest to ‘see’ specific apps. <manifest> <queries> <package android:name="com.example.store" /> <package android:name="com.example.service" /> ... </queries> ... </manifest>

43. GDG Location Query and interact with apps based on intent

    filters Declare intents in <queries> element to ‘see’ apps that handle certain intents. <manifest> <queries> <intent> <action android:name="android.intent.action.SEND" /> <data android:mimeType="image/jpeg" /> </intent> </queries> ... </manifest>

44. GDG Location Interacting with all apps • Shouldn’t be necessary

    for most apps. • Available “Normal” permission that allows querying and interacting with all installed apps. <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"> Look for Google Play to provide upcoming guidelines for apps that need this permission. Let us know your use cases.

45. GDG Location Control how your intent is handled val url

    = "https://news.google.com" val intent = Intent(ACTION_VIEW, Uri.parse(url).apply { flags = FLAG_ACTIVITY_NEW_TASK } startActivity(intent)

46. GDG Location Control how your intent is handled val url

    = "https://news.google.com" val intent = Intent(ACTION_VIEW, Uri.parse(url).apply { flags = FLAG_ACTIVITY_NEW_TASK or FLAG_ACTIVITY_REQUIRE_NON_BROWSER } startActivity(intent) ActivityNotFoundException if no default native apps …. app can handle content on its own

47. GDG Location Testing package visibility adb shell pm log-visibility --enable

    your-package-name Enable package filtering (default on for debuggable apps) I/AppsFilter: interaction: PackageSetting{7654321 \ com.example.myapp/12345} -> PackageSetting{...} BLOCKED Sample logcat output

48. GDG Location Scoped Storage

49. GDG Location Introduced with Android 10 Separate storage into collections

    and limit broad access to shared storage •Better attribution •Protect app data •Protect user data Scoped Storage Shared storage Documents + other files Only accessible to apps via system picker Photo/Video/Music Audio Gated behind Files & Media Permission

50. GDG Location •Unrestricted media and downloads contributions •Only media collections

    can be read with the storage permission •Location metadata requires permission •System picker for all other file types •Reading or writing outside of collections requires the system picker Enforced by target SDK but with an option to opt out Scoped Storage in Android 10

51. GDG Location •Storage renamed to Files & Media •With targetSdkVersion=R

    ◦ WRITE_EXTERNAL_STORAGE and WRITE_MEDIA_STORAGE do not grant any additional write access. Storage permissions changes

52. GDG Location Media store API and bulk edit access •Improved

    consent UI for bulk edits •Supports operations ◦ Write access ◦ Designate media as “favorites” ◦ Put media into trash ◦ Delete access

53. GDG Location Media store API and bulk edit access val

    urisToModify = listOf(...some set of content:// URIs ...) val editPendingIntent = MediaStore.createWriteRequest(contentResolver, urisToModify) startIntentSenderForResult( editPendingIntent.intentSender, EDIT_REQUEST_CODE...) override fun onActivityResult(...) { ... when (requestCode) { EDIT_REQUEST_CODE -> if (resultCode == Activity.RESULT_OK) { ...Request granted...edit media }

54. GDG Location File access restrictions ACTION_OPEN_DOCUMENT_TREE root Android data obb

    Download

55. GDG Location File access restrictions ACTION_OPEN_DOCUMENT root Android data obb

    Download

56. GDG Location Enable native libraries and Java file APIs •

    Android 10 locked down file path access • All apps are recommended to use MediaStore • File path access is really a proxy into MediaStore • MediaStore enforcements maintained Direct file path access for media

57. GDG Location Other Important Changes

58. GDG Location Fine-grained Phone permissions call states ringing? idle? phone

    numbers generic info private READ_PHONE_STATE

59. GDG Location Fine-grained Phone permissions call states ringing? idle? phone

    numbers getLine1Number() getMsisdn() 'R' Target API level READ_PHONE_STATE READ_PHONE_NUMBE RS

60. GDG Location Fine-grained Phone permissions 'R' Target API level <!--

    Request on Pre-Android 11 --> <uses-permission android:maxSdkVersion="29" android:name="android.permission.READ_PHONE_STATE" /> <!-- Request on Android 11+ --> <uses-permission android:name="android.permission.READ_PHONE_NUMBERS" />

61. GDG Location Non-system apps targeting Android 11: • Can no

    longer access MAC address for network interfaces ◦ NetworkInterface#getHardwareAddress() returns null for every network interface ◦ getifaddrs() response no longer includes MAC address information ◦ RTM_GETLINK NetLink requests are blocked • Can only list network interfaces that have an IP address set ◦ NetworkInterface#getNetworkInterfaces() and getifaddrs() return only network interfaces that have an IPv4 address • Can no longer use bind() on NETLINK_ROUTE sockets ◦ Supported alternative: use ConnectivityManager instead MAC Address Restrictions 'R' Target API level

62. GDG Location Wrap up

63. GDG Location Thank you!