Limit call debugging API of JobScheduler

Android 11 provides debug support for apps to identify JobScheduler’s potential API requests that exceed certain rate limits. Developers can use this facility to identify potential performance issues. For applications with debuggable manifest properties set to true, JobScheduler calls the JobScheduler API that exceeds the rate limit to return RESULT_FAILURE. The limit is set so that fair use cases are not affected.

Perform file-based encryption after restarting OTA without user information

After the device receives the OTA update and reboots, the encryption keys for the authentication information are placed in a storage protected by information immediately available for File-based Encryption operations. (FBE). Therefore, your application can perform file-related encryption actions before users enter their PIN, pattern or password to unlock the device after rebooting.

Note: This change only affects device restarts that occur due to OTA updates. If your application must always “resume after restarting”, continue to support Direct Boot.

One-time permissions

In Android 11, whenever your app requests location-related permissions, a microphone or a camera, your app will be temporarily granted permission once. To learn more about this change, see the rights section once on the discussion page of privacy changes related to permissions in Android 11.

User choices may be limited when the licensing dialog appears Android 11 discouraging repeated requests for a specific permission. If the user touches to refuse twice for a specific permission during the time of installing your app on the device, this action means “don’t ask again”. To learn more about this change, see the display of the license dialog box on the discussion of privacy changes related to permissions in Android 11.

Access background location

If your application has an Android 11 target, you cannot directly request access to the background at any time. Even if your application targets Android 10 (API level 29) or below, users will see a system dialog box including buttons for controlling foreground location access.

Storage UI

Android 11 introduces a number of changes to users regarding storage permissions, including the name of the Runtime Storage permission and the content of the dialog that explains your app’s requirements for storage permissions. To learn more about these changes, see the permissions section of the discussion page about privacy changes related to storage in Android 11.

Private application usage statistics

To better protect users, Android 11 stores each user’s app usage statistics in encrypted memory with authentication information. Therefore, neither the system nor any application can access that data unless isUserUnlocked () returns true, which occurs after one of the following occurs:

Users unlock their device for the first time after booting the system. Users switch to their account on the device. If your application is already associated with a version of UsageStatsManager, check if you invoke methods on this object after the user unlocks their device. On the other hand, the API now returns null or null values.

MANAGE_OVERLAY_PERMISSION intent always sends users to the system license screen Starting with Android 11, the ACTION_MANAGE_OVERLAY_PERMISSION intent always takes users to the top-level Settings screen where they can grant or revoke SYSTEM_ALERT_WINDOW permissions for application. Any package: data in intent is ignored.

In previous versions of Android, the purpose ACTION_MANAGE_OVERLAY_PERMISSION could specify a package, which would take users to an application-specific screen to manage permissions. This function is no longer supported in Android 11. Instead, users must first select the application they want to grant or revoke permissions. This change is intended to protect users by more deliberate licensing.

Access to all files

Some applications have core use cases that require extensive file access, such as file management or backup & restore operations. They can get all file access by declaring MANAGE_EXTERNAL_STORAGE special MANAGE_EXTERNAL_STORAGE permission.

Caution: MANAGE_EXTERNAL_STORAGE permission allows applications to access potentially sensitive data on shared memory. In upcoming versions of the Developer Preview, look for Google Play to provide guidelines for applications that need this permission.

Declare using accessibility button in metadata file

Starting with Android 11, your accessibility service cannot declare links to the system accessibility buttons at runtime. If you append AccessServiceInfo.FLAG_REQUEST_ACCESSITALITY_BUTTON to the flags property of the AccessServiceInfo object, the frame will not pass events to the accessibility button callback for your service.

Instead, declare the link of your accessibility service to the accessibility button using the flagRequestAccessibilityButton flag in your accessibility service metadata file, usually res / raw / accessibilityservice.xml flagRequestAccessibilityButton.

Limited Non-SDK interface

Android 11 includes updated lists of restricted Non-SDK interfaces based on collaboration with the latest Android developers and internal testing. Whenever possible, we ensure that public alternatives are available before we restrict the Non-SDK interface.

If your app does not target Android 11, some of these changes may not affect you right away. However, although you can currently use the Non-SDK interface as part of the greylist (depending on the target API level of your application), use any non-SDK method or field. risk breaking your application.

If you’re not sure if your application uses the Non-SDK interface, you can check your application to find out. If your application is based on the Non-SDK interface, you should start planning migration to the SDK alternatives. However, we understand that some applications have valid use cases to use the Non-SDK interface. If you cannot find an alternative to using the Non-SDK interface for a feature in your application, you should request a new public API.

File descriptor sanitizer (fdsan)

fdsan detects mishandling of file descriptor ownership, such as use after closing and closing twice. The default mode for fdsan is changing in Android 11. fdsan currently aborted when error detection; The previous behavior is to log a warning and continue.

Scudo Hardened Allocator

Android 11 uses Scudo Hardened Allocator internally to allocate service heap. Scudo is capable of detecting and minimizing certain types of memory safety breaches. If you are seeing Scudo-related issues (e.g., Scudo ERROR: in original crash reports, refer to the Scudo troubleshooting documentation.

SSL sockets uses the SSL Conscrypt tool by default

In Android 11, deploying the default SSLSocket uses Conscrypt SSLEngine.

Open Mobile API changes

Starting with Android 11, the Open Mobile API (OMAPI) has additional functionality:

• Analyze rules for vendor privileges.
• Customize access to the Secure Element (eSE) embedded or provided eSE in one or more of the following ways:
• Privileged permission system
• Application identifier (ARA-M) (AID)
• System API for resetting the OMAPI reader
• Provides readers with a clear indication for applications to filter device capabilities.

Support simultaneous use of more than one camera

Android 11 adds an API to query support for the use of multiple cameras at the same time, including the front and rear cameras.

Source: https://developer.android.com/preview/behavior-changes-all