Regarding 4.4 Kitkat External SD Card access permision, anyone can explain to us what is the objective of having such rigid permissions ?
"....
Starting in Android 4.4, the owner, group and modes of files on external storage devices are now synthesized based on directory structure. This enables apps to manage their package-specific directories on external storage without requiring they hold the broad WRITE_EXTERNAL_STORAGE permission. For example, the app with package name com.example.foo can now freely access Android/data/com.example.foo/ on external storage devices with no permissions. These synthesized permissions are accomplished by wrapping raw storage devices in a FUSE daemon.
..."
Full source : http://source.android.com/devices/tech/storage/
On 4.3 and older, a malicious app can wipe the whole sdcard with standard permissions. New permissions prevent it.
aydc said:
On 4.3 and older, a malicious app can wipe the whole sdcard with standard permissions. New permissions prevent it.
Click to expand...
Click to collapse
So this is useful then not a considered 'bug'..
I guess there will be no benefits anymore to use 3rd party file manager if we dont root our phones. Niche market just collapsed.
Sorry, but I have follow up questions:
I wonder how many malicious pieces of software like that are in a Google Play store to warrant breaking most third party applications that write to SD card? But I guess now, that apps can't write to SD card, there will be not much to protect there anyhow? And how will this all work in the future, once apps get their permissions fixed? I won't be allowed to access my card or format it at will? or will I be able to grant those permissions, but then how would I know the software is malicious any more than I know now? Am I too stupid to grasp the logic of all this?
pete4k said:
Sorry, but I have follow up questions:
I wonder how many malicious pieces of software like that are in a Google Play store to warrant breaking most third party applications that write to SD card? But I guess now, that apps can't write to SD card, there will be not much to protect there anyhow? And how will this all work in the future, once apps get their permissions fixed? I won't be allowed to access my card or format it at will? or will I be able to grant those permissions, but then how would I know the software is malicious any more than I know now? Am I too stupid to grasp the logic of all this?
Click to expand...
Click to collapse
That's what I had in mind too but if you see from the source link above I think Google is anticipating MULTI USER environment where some "stuffs" from me could wrack havoc some of "your stuffs". That scenario actually will only happen on MULTI USER tablet / smartphone, but that surely not mainstream are they ?
pete4k said:
Sorry, but I have follow up questions:
I wonder how many malicious pieces of software like that are in a Google Play store to warrant breaking most third party applications that write to SD card? But I guess now, that apps can't write to SD card, there will be not much to protect there anyhow? And how will this all work in the future, once apps get their permissions fixed? I won't be allowed to access my card or format it at will? or will I be able to grant those permissions, but then how would I know the software is malicious any more than I know now? Am I too stupid to grasp the logic of all this?
Click to expand...
Click to collapse
As stated on source.android.com:
Starting in Android 4.4, the owner, group and modes of files on external storage devices are now synthesized based on directory structure. This enables apps to manage their package-specific directories on external storage without requiring they hold the broad WRITE_EXTERNAL_STORAGE permission. For example, the app with package name com.example.foo can now freely access Android/data/com.example.foo/ on external storage devices with no permissions. These synthesized permissions are accomplished by wrapping raw storage devices in a FUSE daemon.
Related
One thing that really annoys me is how Android allows apps to litter your internal and external storage cards with files and folders, and these do not get removed when the app is uninstalled. I have literally scores of folders on my device, and half of them I don't have a clue what they are.
I wish when an app was removed Android gave you the option to delete all associated files wherever they may be, and if you say "Yes" then it would enforce that by deleting everything to do with that app.
That would require that app developers stick to some kind of standard, like keeping a configuration file with the location(s) of all its files, on both internal and external memory. While that's certainly doable, it's just as easy for those same developers to code their apps cleanly to remove their own junk. If devs are being sloppy, they're gonna be sloppy either way.
Something big would have to change in Android, since currently apps either have access to the SD or they don't. They would have to introduce a new type of permission which would only allow access to a certain subfolder, whose name is automatically assigned by the OS. Then, apps with that permission would necessarily have to drop all their files in that one place, and identification of residual files would be much easier.
Kind of like this
setspeed said:
One thing that really annoys me is how Android allows apps to litter your internal and external storage cards with files and folders, and these do not get removed when the app is uninstalled. I have literally scores of folders on my device, and half of them I don't have a clue what they are.
I wish when an app was removed Android gave you the option to delete all associated files wherever they may be, and if you say "Yes" then it would enforce that by deleting everything to do with that app.
Click to expand...
Click to collapse
I kind of like it this way. It gives me an excuse to root in there and clean it up.
--El
UPDATE: Google's API changes to KitKat means the following, as per Google:
An application may request broad read-oonly permissions for external storage. This means that the application will be able to read the MicroSD only.
Applications cannot obtain permission to write to external storage. This means that file managers cannot edit/create/delete files on MicroSD anymore. This is a casualty of a change meant for security.
With or without requested permission for external storage, an application may now modify conents of its assigned folder on external storage (IE, /android/data). This allows an application to offload content to external storage if the storage is considered "permanent," Ie, MicroSD is considered permanent while OTG is not.
The benefits to this change means that applications required less tweaking to offload their data to external storage. We saw this with the recent Google Music update (and I'm loving that). Even now, it seems updates to recent Google applications are preparing to utilize this functionality. Google's camera.apk has taken up residence on my MicroSD so I suspect that a future update will allow you to store to external storage.
The downsides are that file managers cannot make use of MicroSD anymore, aside from reading the contents. Consider it collateral damage.
-reserved-
Titanium backup. Requires external SD permissions.xml fix to be able to store there.
Sent from my GT-I9505G using Tapatalk
ES doesn't work. If you delete a folder, it will show as deleted. Exit and come back, and the folder remains. Cannot edit or create a folder (in MicroSD).
Bump. OP now has full explanation of what's going on.
jaykresge said:
UPDATE: Google's API changes to KitKat means the following, as per Google:
An application may request broad read-oonly permissions for external storage. This means that the application will be able to read the MicroSD only.
Applications cannot obtain permission to write to external storage. This means that file managers cannot edit/create/delete files on MicroSD anymore. This is a casualty of a change meant for security.
With or without requested permission for external storage, an application may now modify conents of its assigned folder on external storage (IE, /android/data). This allows an application to offload content to external storage if the storage is considered "permanent," Ie, MicroSD is considered permanent while OTG is not.
The benefits to this change means that applications required less tweaking to offload their data to external storage. We saw this with the recent Google Music update (and I'm loving that). Even now, it seems updates to recent Google applications are preparing to utilize this functionality. Google's camera.apk has taken up residence on my MicroSD so I suspect that a future update will allow you to store to external storage.
The downsides are that file managers cannot make use of MicroSD anymore, aside from reading the contents. Consider it collateral damage.
Click to expand...
Click to collapse
Reading from Android Developer new API changes tha way you read and write from External Sd card... but if your app has WRITE_EXTERNAL_STORAGE permission it should be able to write your ext sd card without problems.
This means that current apps (and File Managers) should be updated to support kitkat API level 9 and obtain WRITE_EXTERNAL_STORAGE permission.
public static final String WRITE_EXTERNAL_STORAGE
Added in API level 4
Allows an application to write to external storage.
Note: If both your minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants your app this permission. If you don't need this permission, be sure your targetSdkVersion is 4 or higher.
Starting in API level 19, this permission is not required to read/write files in your application-specific directories returned by getExternalFilesDir(String) and getExternalCacheDir().
Constant Value: "android.permission.WRITE_EXTERNAL_STORAGE"
API level 19 is kitkat code....
On Android 7.0, all apps have access to /sdcard/Android/*
For apps to get sdcard access outside that Android folder, they need explicit permission.
I would like to remove the default allowed access to /sdcard/Android/* but keep the system in place that grants root SD access to allowed apps.
Bonus points, if I can somehow rid of DCIM, LOST.DIR, System Volume Information, and .android_secure from being created aswell.
The clutter is getting ridiculous. Simply swapping in an sdcard or plugging in a USB OTG drive will cause it to immedietly get cluttered.
This is external, swappable, storage we are dealing with FFS! Whose bright idea was this damn system.
I have root. (Is Xposed Privacy my only option?)
No I do not have adaptable storage enabled. This is simply regular external storage.
Not sure if many of you are aware, but the U11 allows you to encrypt portable microSD cards in the settings, which is nice for privacy purposes. The problem is since I did that (I even rebooted after) many of my apps can't properly read or write to the microSD card. I've noticed many of said apps don't implement Google's expandable storage permissions properly either (i.e. they don't ask you to select the root directory of the microSD card in Android File Explorer so they have proper read-write access to everything.)
My questions, therefore, are:
What am I doing wrong? Is there some permission I'm missing?
Are 3rd party apps supposed to be able to work with encrypted portable storage?
Is encrypted portable storage even an AOSP feature? Or something specific to 3rd party OEMs?
Why do so many apps not implement microSD storage read/write permissions correctly?
Any ideas?
yes, (dead brained) android developers again broken the file-system access....
as lot of users that have an old device, I use app2sd app to move my app to sdcard (because adoptable storage is a sh..t, that don´t even care about partitioning a sdcard to still allow to use it to store data that I want to access from a pc when the phone has problems... again, theses "clever" google engineer didn't even asked themselves why user created app2sd like app... why they chosen to use dedicated partition and still allow to have a shareable storage... ) , my sdcard speed is fast enough to not see any difference between internal storage and sd card stored app, and I worry more about emmc aging than a few ms....
BUT, seems that the APP_DATA_DIRECTORY_ISOLATION feature prevent moving the data to sdcard, I use lineageos, in developper settings there is override per application compatibility, when I uncheck APP_DATA_DIRECTORY_ISOLATION in this for a particular app linked to sdcard, this solve the issue, and a sd card stored app can be used...
however, this settings isn't persistent... so on next reboot I have to do it again for every app linked to sdcard....
and you know what? it was reported to android dev, that replied... to buy a new phone!!! because emmc storage is much more faster.... I begin to really get upset at android, they took a nice system (linux) and made it s....t, and more, how many cpu power is lost by android checks (since it can be desactivated on the fly per app... this isn't something that rely on kernel....)
so my question, is it possible to have this option set to off by default on boot? how?
thanks
jl forums said:
yes, (dead brained) android developers again broken the file-system access....
as lot of users that have an old device, I use app2sd app to move my app to sdcard (because adoptable storage is a sh..t, that don´t even care about partitioning a sdcard to still allow to use it to store data that I want to access from a pc when the phone has problems... again, theses "clever" google engineer didn't even asked themselves why user created app2sd like app... why they chosen to use dedicated partition and still allow to have a shareable storage... ) , my sdcard speed is fast enough to not see any difference between internal storage and sd card stored app, and I worry more about emmc aging than a few ms....
BUT, seems that the APP_DATA_DIRECTORY_ISOLATION feature prevent moving the data to sdcard, I use lineageos, in developper settings there is override per application compatibility, when I uncheck APP_DATA_DIRECTORY_ISOLATION in this for a particular app linked to sdcard, this solve the issue, and a sd card stored app can be used...
however, this settings isn't persistent... so on next reboot I have to do it again for every app linked to sdcard....
and you know what? it was reported to android dev, that replied... to buy a new phone!!! because emmc storage is much more faster.... I begin to really get upset at android, they took a nice system (linux) and made it s....t, and more, how many cpu power is lost by android checks (since it can be desactivated on the fly per app... this isn't something that rely on kernel....)
so my question, is it possible to have this option set to off by default on boot? how?
thanks
Click to expand...
Click to collapse
Note: Questions go in Q&A Forum
If you are posting a Question Thread post it in the Q&A forum. Technical discussion of Android development and hacking. No noobs, please. Device-specific releases should go under the appropriate device forum...
forum.xda-developers.com