Developers
Most visited
Recently visited
ADD_CONTENT_OBSERVER_FLAGS
targetSdkVersion of greater than or equal to
30.
Starting in Build.VERSION_CODES.R, there is a new public API overload onChange(boolean, Uri, int) that delivers a int flags argument.
Some apps may be relying on a previous hidden API that delivered a int userId argument, and this change is used to control delivery of the new int flags argument in its place.
ADMIN_APP_PASSWORD_COMPLEXITY
targetSdkVersion of greater than or equal to
30.
For admin apps targeting R+, throw when the app sets password requirement that is not taken into account at given quality. For example when quality is set to DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, it doesn't make sense to require certain password length. If the intent is to require a password of certain length having at least NUMERIC quality, the admin should first call DevicePolicyManager.setPasswordQuality(ComponentName, int) and only then call DevicePolicyManager.setPasswordMinimumLength(ComponentName, int).
Conversely when an admin app targeting R+ lowers password quality, those requirements that stop making sense are reset to default values.
ALLOW_TEST_API_ACCESS
Allow apps accessing @TestApi APIs.
This will always be disabled by default and should only be used by platform test code.
ALWAYS_SANDBOX_DISPLAY_APIS
This change id forces the packages it is applied to always have Display API sandboxing applied, regardless of windowing mode. The Display APIs will always provide the app bounds.
APN_READING_PERMISSION_CHANGE_ID
targetSdkVersion of greater than or equal to
30.
Compat framework change ID for the APN db read permission change. In API level 30 and beyond, accessing the APN database will require the Manifest.permission.WRITE_APN_SETTINGS permission. This change ID tracks apps that are affected because they don't hold this permission.
APP_DATA_DIRECTORY_ISOLATION
targetSdkVersion of greater than or equal to
30.
Apps have no access to the private data directories of any other app, even if the other app has made them world-readable.
AUTOFILL_NON_TEXT_REQUIRES_ON_RECEIVE_CONTENT_LISTENER
targetSdkVersion of greater than or equal to
32.
On Android S and above, the platform can provide non-text suggestions (e.g. images) via the augmented autofill framework (see autofill services). In order for an app to be able to handle these suggestions, it must normally implement the OnReceiveContentListener API. To make the adoption of this smoother for apps that have previously implemented the InputConnection.commitContent(InputContentInfo, int, Bundle) API, we reuse that API as a fallback if OnReceiveContentListener is not yet implemented by the app. This fallback is only enabled on Android S. This change ID disables the fallback, such that apps targeting Android T and above must implement the OnReceiveContentListener API in order to accept non-text suggestions.
BACKGROUND_RATIONALE_CHANGE_ID
targetSdkVersion of greater than or equal to
30.
This change makes it so that apps are told to show rationale for asking for background location access every time they request.
BLOCK_FLAG_SLIPPERY
Check whether apps are using FLAG_SLIPPERY for their windows. We expect that this flag is only used by the system components. If so, we can lock it down.
BLOCK_GPS_STATUS_USAGE
targetSdkVersion of greater than or equal to
31.
For apps targeting Android S and above, all GpsStatus API usage must be replaced with GnssStatus APIs.
BLOCK_IMMUTABLE_PENDING_INTENTS
targetSdkVersion of greater than or equal to
31.
For apps targeting Android S and above, immutable PendingIntents passed into location APIs will generate an IllegalArgumentException.
BLOCK_INCOMPLETE_LOCATIONS
targetSdkVersion of greater than or equal to
17.
For apps targeting Android K and above, incomplete locations may not be passed to setTestProviderLocation(String, Location).
BLOCK_PENDING_INTENT_SYSTEM_API_USAGE
targetSdkVersion of greater than or equal to
31.
For apps targeting Android S and above, LocationRequest system APIs may not be used with PendingIntent location requests.
BLOCK_UNTARGETED_PENDING_INTENTS
targetSdkVersion of greater than or equal to
17.
For apps targeting Android K and above, supplied PendingIntents must be targeted to a specific package.
BLOCK_UNTRUSTED_TOUCHES
Prevent touches from being consumed by apps if these touches passed through a non-trusted window from a different UID and are considered unsafe.
CALLBACK_ON_CLEAR_CHANGE
targetSdkVersion of greater than or equal to
30.
There will now be a callback to OnSharedPreferenceChangeListener.onSharedPreferenceChanged with a null key on Editor.clear.
CALLBACK_ON_MORE_ERROR_CODE_CHANGE
targetSdkVersion of greater than or equal to
30.
To expand the error codes for updateAvailableNetworks(List and setPreferredOpportunisticDataSubscription(int, boolean, Executor, Consumer.
CALL_BACK_ON_CHANGED_LISTENER_WITH_SWITCHED_OP_CHANGE
targetSdkVersion of greater than or equal to
30.
This is a subtle behavior change to startWatchingMode(String, String, AppOpsManager.OnOpChangedListener). Before this change the system called back for the switched op. After the change the system will call back for the actually requested op or all switched ops if no op is specified.
CAMERA_MICROPHONE_CAPABILITY_CHANGE_ID
targetSdkVersion of greater than or equal to
30.
In targetSdkVersion R and above, foreground service has camera and microphone while-in-use capability only when the R.attr.foregroundServiceType is configured as ServiceInfo.FOREGROUND_SERVICE_TYPE_CAMERA and ServiceInfo.FOREGROUND_SERVICE_TYPE_MICROPHONE respectively in the manifest file. In targetSdkVersion below R, foreground service automatically have camera and microphone capabilities.
CAMERA_MIC_INDICATORS_NOT_PRESENT
A ChangeId indicating that this device supports camera and mic indicators. Will be "false" if present, because the CompatChanges#isChangeEnabled method returns true if the change id is not present.
CANNOT_INSTALL_WITH_BAD_PERMISSION_GROUPS
targetSdkVersion of greater than or equal to
32.
Refuse to install package if groups of permissions are bad - Permission groups should only be shared between apps sharing a certificate - If a permission belongs to a group that group should be defined
CHANGE_BACKGROUND_CUSTOM_TOAST_BLOCK
targetSdkVersion of greater than or equal to
30.
Apps that post custom toasts in the background will have those blocked. Apps can still post toasts created with Toast.makeText(Context, CharSequence, int) and its variants while in the background.
CHANGE_ID_AUTH_STATE_DENIED
targetSdkVersion of greater than or equal to
31.
For clients targeting S and above, a SecurityException is thrown when they are in the denied authorization state and attempt to send a message to a nanoapp.
CHANGE_ID_SAMPLING_RATE_SENSORS_PERMISSION
targetSdkVersion of greater than or equal to
31.
For apps targeting S and above, a SecurityException is thrown when they do not have HIGH_SAMPLING_RATE_SENSORS permission, run in debug mode, and request sampling rates that are faster than 200 Hz.
CHANGE_RESTRICT_SAW_INTENT
Intents with action android.settings.MANAGE_APP_OVERLAY_PERMISSION and data URI scheme package don't go to the app-specific screen for managing the permission anymore. Instead, they redirect to this screen for managing all the apps that have requested such permission.
CHANGE_TEXT_TOASTS_IN_THE_SYSTEM
targetSdkVersion of greater than or equal to
30.
Text toasts will be rendered by SystemUI instead of in-app, so apps can't circumvent background custom toast restrictions.
CTS_SYSTEM_API_CHANGEID
targetSdkVersion of greater than or equal to
31.
A change ID to be used only in the CTS test for this SystemApi
CTS_SYSTEM_API_OVERRIDABLE_CHANGEID
An overridable change ID to be used only in the CTS test for this SystemApi
DEFAULT_SCOPED_STORAGE
Scoped Storage is on by default. However, it is not strictly enforced and there are multiple ways to opt out of scoped storage:
- Target Sdk < Q
- Target Sdk = Q and has `requestLegacyExternalStorage` set in AndroidManifest.xml
- Target Sdk > Q: Upgrading from an app that was opted out of scoped storage and has `preserveLegacyExternalStorage` set in AndroidManifest.xml
FORCE_ENABLE_SCOPED_STORAGE should also be disabled for apps to opt out of scoped storage. Note: This flag is also used in com.android.providers.media.LocalCallingIdentity. Any modifications to this flag should be reflected there as well. See https://developer.android.com/training/data-storage#scoped-storage for more information.
DELIVER_HISTORICAL_LOCATIONS
targetSdkVersion of greater than or equal to
31.
For apps targeting Android S and above, location clients may receive historical locations (from before the present time) under some circumstances.
DISALLOW_DUPLICATE_FIELD_IN_SKELETON
targetSdkVersion of greater than or equal to
10000.
getBestDateTimePattern(Locale, String) does not allow non-consecutive repeated symbol in the skeleton. For example, please use a skeleton of "jmm" or "hmma" instead of "ahmma" or "jmma", because the field 'j' could mean using 12-hour in some locales and, in this case, is duplicated as the 'a' field.
DISPLAY_INFO_NR_ADVANCED_SUPPORTED
targetSdkVersion of greater than or equal to
31.
Support backward compatibility for TelephonyDisplayInfo.
DISPLAY_MODE_RETURNS_PHYSICAL_REFRESH_RATE
targetSdkVersion of greater than or equal to
31.
Applications use Display.getRefreshRate() and Display.Mode.getRefreshRate() to know what is the display refresh rate. Starting with Android S, the platform might throttle down applications frame rate to a divisor of the refresh rate if it is more preferable (for example if the application called to Surface.setFrameRate(float, int)). Applications will experience Choreographer.postFrameCallback(Choreographer.FrameCallback) callbacks and backpressure at the throttled frame rate. Display.getRefreshRate() will always return the application frame rate and not the physical display refresh rate to allow applications to do frame pacing correctly. Display.Mode.getRefreshRate() will return the application frame rate if compiled to a previous release and starting with Android S it will return the physical display refresh rate.
DOWNSCALED
CompatModePackages#DOWNSCALED is the gatekeeper of all per-app buffer downscaling changes. Disabling this change will prevent the following scaling factors from working: CompatModePackages#DOWNSCALE_90 CompatModePackages#DOWNSCALE_85 CompatModePackages#DOWNSCALE_80 CompatModePackages#DOWNSCALE_75 CompatModePackages#DOWNSCALE_70 CompatModePackages#DOWNSCALE_65 CompatModePackages#DOWNSCALE_60 CompatModePackages#DOWNSCALE_55 CompatModePackages#DOWNSCALE_50 CompatModePackages#DOWNSCALE_45 CompatModePackages#DOWNSCALE_40 CompatModePackages#DOWNSCALE_35 CompatModePackages#DOWNSCALE_30 If CompatModePackages#DOWNSCALED is enabled for an app package, then the app will be forcibly resized to the highest enabled scaling factor e.g. 80% if both 80% and 70% were enabled.
DOWNSCALE_30
With CompatModePackages#DOWNSCALED enabled, subsequently enabling change-id CompatModePackages#DOWNSCALE_30 for a package will force the app to assume it's running on a display with 30% the vertical and horizontal resolution of the real display.
DOWNSCALE_35
With CompatModePackages#DOWNSCALED enabled, subsequently enabling change-id CompatModePackages#DOWNSCALE_35 for a package will force the app to assume it's running on a display with 35% the vertical and horizontal resolution of the real display.
DOWNSCALE_40
With CompatModePackages#DOWNSCALED enabled, subsequently enabling change-id CompatModePackages#DOWNSCALE_40 for a package will force the app to assume it's running on a display with 40% the vertical and horizontal resolution of the real display.
DOWNSCALE_45
With CompatModePackages#DOWNSCALED enabled, subsequently enabling change-id CompatModePackages#DOWNSCALE_45 for a package will force the app to assume it's running on a display with 45% the vertical and horizontal resolution of the real display.
DOWNSCALE_50
With CompatModePackages#DOWNSCALED enabled, subsequently enabling change-id CompatModePackages#DOWNSCALE_50 for a package will force the app to assume it's running on a display with 50% vertical and horizontal resolution of the real display.
DOWNSCALE_55
With CompatModePackages#DOWNSCALED enabled, subsequently enabling change-id CompatModePackages#DOWNSCALE_55 for a package will force the app to assume it's running on a display with 55% the vertical and horizontal resolution of the real display.
DOWNSCALE_60
With CompatModePackages#DOWNSCALED enabled, subsequently enabling change-id CompatModePackages#DOWNSCALE_60 for a package will force the app to assume it's running on a display with 60% the vertical and horizontal resolution of the real display.
DOWNSCALE_65
With CompatModePackages#DOWNSCALED enabled, subsequently enabling change-id CompatModePackages#DOWNSCALE_65 for a package will force the app to assume it's running on a display with 65% the vertical and horizontal resolution of the real display.
DOWNSCALE_70
With CompatModePackages#DOWNSCALED enabled, subsequently enabling change-id CompatModePackages#DOWNSCALE_70 for a package will force the app to assume it's running on a display with 70% the vertical and horizontal resolution of the real display.
DOWNSCALE_75
With CompatModePackages#DOWNSCALED enabled, subsequently enabling change-id CompatModePackages#DOWNSCALE_75 for a package will force the app to assume it's running on a display with 75% the vertical and horizontal resolution of the real display.
DOWNSCALE_80
With CompatModePackages#DOWNSCALED enabled, subsequently enabling change-id CompatModePackages#DOWNSCALE_80 for a package will force the app to assume it's running on a display with 80% the vertical and horizontal resolution of the real display.
DOWNSCALE_85
With CompatModePackages#DOWNSCALED enabled, subsequently enabling change-id CompatModePackages#DOWNSCALE_85 for a package will force the app to assume it's running on a display with 85% the vertical and horizontal resolution of the real display.
DOWNSCALE_90
With CompatModePackages#DOWNSCALED enabled, subsequently enabling change-id CompatModePackages#DOWNSCALE_90 for a package will force the app to assume it's running on a display with 90% the vertical and horizontal resolution of the real display.
DO_NOT_DOWNSCALE_TO_1080P_ON_TV
targetSdkVersion of greater than or equal to
31.
On Android TV applications that target pre-S are not expecting to receive a Window larger than 1080p, so if needed we are downscaling their Windows to 1080p. However, applications that target S and greater release version are expected to be able to handle any Window size, so we should not downscale their Windows.
DROP_CLOSE_SYSTEM_DIALOGS
Intent Intent.ACTION_CLOSE_SYSTEM_DIALOGS is too powerful to be unrestricted. We restrict its usage for a few legitimate use-cases only, regardless of targetSdk. For the other use-cases we drop the intent with a log message. Note that this is the lighter version of #LOCK_DOWN_CLOSE_SYSTEM_DIALOGS which is not gated on targetSdk in order to eliminate the abuse vector.
EMPTY_INTENT_ACTION_CATEGORY
targetSdkVersion of greater than or equal to
30.
An intent filter's actor or category is an empty string. A bug in the platform before R allowed this to pass through without an error. This does not include cases when the attribute is null/missing, as that has always been a failure.
ENABLE_CHECKS_FOR_PRIVATE_FILES
targetSdkVersion of greater than or equal to
31.
Enables checks to stop apps from inserting and updating to private files via media provider.
ENABLE_DEFERRED_SCAN
targetSdkVersion of greater than or equal to
31.
Enable option to defer the scan triggered as part of MediaProvider#update()
ENABLE_GET_CALL_STATE_PERMISSION_PROTECTION
targetSdkVersion of greater than or equal to
31.
Enable READ_PHONE_STATE protection on APIs querying and notifying call state, such as TelecomManager#getCallState, TelephonyManager.getCallStateForSubscription(), and TelephonyCallback.CallStateListener.
ENABLE_GET_PHONE_ACCOUNT_PERMISSION_PROTECTION
targetSdkVersion of greater than or equal to
31.
Enable READ_PHONE_NUMBERS or READ_PRIVILEGED_PHONE_STATE protections on getPhoneAccount(PhoneAccountHandle).
ENABLE_INCLUDE_ALL_VOLUMES
targetSdkVersion of greater than or equal to
31.
Enable option to include database rows of files from recently unmounted volume in MediaProvider#query
ENABLE_RAW_MANAGE_EXTERNAL_STORAGE_ACCESS
targetSdkVersion of greater than or equal to
31.
Allow apps holding Manifest.permission.MANAGE_EXTERNAL_STORAGE permission to request raw external storage access.
ENABLE_RAW_SYSTEM_GALLERY_ACCESS
targetSdkVersion of greater than or equal to
30.
Allow apps holding android.app.role#SYSTEM_GALLERY role to request raw external storage access.
ENFORCE_MINIMUM_WINDOW_ON_INEXACT_ALARMS
targetSdkVersion of greater than or equal to
31.
For apps targeting Build.VERSION_CODES.S or above, all inexact alarms will require to have a minimum window size, expected to be on the order of a few minutes. Practically, any alarms requiring smaller windows are the same as exact alarms and should use the corresponding APIs provided, like setExact(int, long, PendingIntent), et al. Inexact alarm with shorter windows specified will have their windows elongated by the system.
ENFORCE_NATIVE_SHARED_LIBRARY_DEPENDENCIES
targetSdkVersion of greater than or equal to
31.
Apps targeting Android S and above need to declare dependencies to the public native shared libraries that are defined by the device maker using uses-native-library tag in its AndroidManifest.xml. If any of the dependencies cannot be satisfied, i.e. one of the dependency doesn't exist, the package manager rejects to install the app. The dependency can be specified as optional using android:required attribute in the tag, in which case failing to satisfy the dependency doesn't stop the installation.
Once installed, an app is provided with only the native shared libraries that are specified in the app manifest. dlopening a native shared library that doesn't appear in the app manifest will fail even if it actually exists on the device.
ENFORCE_STRICT_QUERY_BUILDER
The SQLiteQueryBuilder will now verify all CalendarProvider2 query selections against malicious arguments.
FGS_BG_START_RESTRICTION_CHANGE_ID
targetSdkVersion of greater than or equal to
31.
The BG-launch FGS restriction feature is going to be allowed only for apps targetSdkVersion is higher than R.
FGS_START_EXCEPTION_CHANGE_ID
targetSdkVersion of greater than or equal to
31.
If a service can not become foreground service due to BG-FGS-launch restriction or other reasons, throws an IllegalStateException.
FILTER_APPLICATION_QUERY
targetSdkVersion of greater than or equal to
30.
Apps targeting Android R and above will need to declare the packages and intents they intend to use to get details about other apps on a device. Such declarations must be made via the <queries> tag in the manifest.
FINISH_INPUT_NO_FALLBACK_CONNECTION
targetSdkVersion of greater than or equal to
31.
Finish the InputConnection when the device becomes non-interactive.
If enabled by the current input method, the current input connection will be finished whenever the devices becomes non-interactive.
If not enabled, the current input connection will instead be silently deactivated when the devices becomes non-interactive, and an onFinishInput() onStartInput() pair is dispatched when the device becomes interactive again.
FORCE_DISABLE_HEVC_SUPPORT
Force disable an app from supporting the HEVC media capability Apps should declare their supported media capabilities in their manifest but this flag can be used to force an app into not supporting HEVC, hence forcing transcoding while accessing media encoded in HEVC. Setting this flag will override any OS level defaults for apps. It is disabled by default, meaning that the OS defaults would take precedence. Setting this flag and FORCE_ENABLE_HEVC_SUPPORT is an undefined state and will result in the OS ignoring both flags.
FORCE_ENABLE_HEVC_SUPPORT
Force enable an app to support the HEVC media capability Apps should declare their supported media capabilities in their manifest but this flag can be used to force an app into supporting HEVC, hence avoiding transcoding while accessing media encoded in HEVC. Setting this flag will override any OS level defaults for apps. It is disabled by default, meaning that the OS defaults would take precedence. Setting this flag and FORCE_DISABLE_HEVC_SUPPORT is an undefined state and will result in the OS ignoring both flags.
FORCE_ENABLE_SCOPED_STORAGE
Setting this flag strictly enforces Scoped Storage regardless of:
- The value of Target Sdk
- The value of `requestLegacyExternalStorage` in AndroidManifest.xml
- The value of `preserveLegacyExternalStorage` in AndroidManifest.xml
DEFAULT_SCOPED_STORAGE should also be enabled for apps to be enforced into scoped storage. Note: This flag is also used in com.android.providers.media.LocalCallingIdentity. Any modifications to this flag should be reflected there as well. See https://developer.android.com/training/data-storage#scoped-storage for more information.
FORCE_NON_RESIZE_APP
This change id forces the packages it is applied to to be non-resizable.
FORCE_RESIZE_APP
This change id forces the packages it is applied to be resizable. It won't change whether the app can be put into multi-windowing mode, but allow the app to resize when the window container resizes, such as display size change.
GET_DATA_CONNECTION_STATE_R_VERSION
targetSdkVersion of greater than or equal to
30.
Used for checking if the SDK version for PreciseDataConnectionState#getDataConnectionState is above Q.
GET_DATA_STATE_R_VERSION
targetSdkVersion of greater than or equal to
30.
Used for checking if the SDK version for getDataState() is above Q.
GET_PROVIDER_SECURITY_EXCEPTIONS
targetSdkVersion of greater than or equal to
30.
For apps targeting Android R and above, getProvider(String) will no longer throw any security exceptions.
GET_TARGET_SDK_VERSION_CODE_CHANGE
targetSdkVersion of greater than or equal to
29.
To check the SDK version for SmsManager.sendResolverResult method.
GWP_ASAN
Enable sampled memory bug detection in the app. @see GWP-ASan.
HIDE_MAXTARGETSDK_P_HIDDEN_APIS
targetSdkVersion of greater than or equal to
29.
Gating access to greylist-max-p APIs.
HIDE_MAXTARGETSDK_Q_HIDDEN_APIS
targetSdkVersion of greater than or equal to
30.
Gating access to greylist-max-q APIs.
HIDE_PROP_ICUBINARY_DATA_PATH
targetSdkVersion of greater than or equal to
31.
Remove "android.icu.impl.ICUBinary.dataPath" property for apps targeting S+. The ICU data path should not visible to the apps.
IGNORE_ALLOW_BACKUP_IN_D2D
targetSdkVersion of greater than or equal to
31.
When this change is enabled, android:allowBackup is ignored for apps during D2D (device-to-device) migrations.
IGNORE_FULL_BACKUP_CONTENT_IN_D2D
targetSdkVersion of greater than or equal to
31.
When this change is enabled, include / exclude rules specified via android:fullBackupContent are ignored during D2D transfers.
IME_AUTOFILL_DEFAULT_SUPPORTED_LOCALES_IS_EMPTY
targetSdkVersion of greater than or equal to
31.
The getSupportedLocales() now returns empty locale list when it's not set, instead of the default system locale.
IS_BACKUP_SERVICE_ACTIVE_ENFORCE_PERMISSION_IN_SERVICE
targetSdkVersion of greater than or equal to
31.
If this change is enabled, the BACKUP permission needed for isBackupServiceActive() will be enforced on the service end rather than client-side in BackupManager.
KEYSTORE_OPERATION_CREATION_MAY_FAIL
Keystore operation creation may fail Keystore used to work under the assumption that the creation of cryptographic operations always succeeds. However, the KeyMint backend has only a limited number of operation slots. In order to keep up the appearance of "infinite" operation slots, the Keystore daemon would prune least recently used operations if there is no available operation slot. As a result, good operations could be terminated prematurely. This opens AndroidKeystore up to denial-of-service and unintended livelock situations. E.g.: if multiple apps wake up at the same time, e.g., due to power management optimizations, and attempt to perform crypto operations, they start terminating each others operations without making any progress. To break out of livelocks and to discourage DoS attempts we have changed the pruning strategy such that it prefers clients that use few operation slots and only briefly. As a result we can, almost, guarantee that single operations that don't linger inactive for more than 5 seconds will conclude unhampered by the pruning strategy. "Almost", because there are operations related to file system encryption that can prune even these operations, but those are extremely rare. As a side effect of this new pruning strategy operation creation can now fail if the client has a lower pruning power than all of the existing operations. Pruning strategy To find a suitable candidate we compute the malus for the caller and each existing operation. The malus is the inverse of the pruning power (caller) or pruning resistance (existing operation). For the caller to be able to prune an operation it must find an operation with a malus higher than its own. For more detail on the pruning strategy consult the implementation at https://android.googlesource.com/platform/system/security/+/refs/heads/master/keystore2/src/operation.rs For older SDK version, KeyStore2 will poll the Keystore daemon for a free operation slot. So to applications, targeting earlier SDK versions, it will still look like cipher and signature object initialization always succeeds, however, it may take longer to get an operation. All SDK version benefit from fairer operation slot scheduling and a better chance to successfully conclude an operation.
LISTEN_CODE_CHANGE
targetSdkVersion of greater than or equal to
29.
To check the SDK version for listenFromListener(int, String, String, PhoneStateListener, int, boolean).
LOCK_DOWN_CLOSE_SYSTEM_DIALOGS
targetSdkVersion of greater than or equal to
31.
Intent Intent.ACTION_CLOSE_SYSTEM_DIALOGS is too powerful to be unrestricted. So, apps targeting Build.VERSION_CODES.S or higher will crash if they try to send such intent and don't have permission android.permission.BROADCAST_CLOSE_SYSTEM_DIALOGS. Note that this is the more restrict version of #DROP_CLOSE_SYSTEM_DIALOGS that expects the app to stop sending aforementioned intent once it bumps its targetSdk to Build.VERSION_CODES.S or higher.
LOCK_DOWN_COLLAPSE_STATUS_BAR
targetSdkVersion of greater than or equal to
31.
Apps targeting Build.VERSION_CODES.S or higher need Manifest.permission.STATUS_BAR permission to collapse the status bar panels due to security reasons. This was being exploited by malware to prevent the user from accessing critical notifications.
LOW_POWER_EXCEPTIONS
targetSdkVersion of greater than or equal to
31.
For apps targeting Android S and above, all LocationRequest objects marked as low power will throw exceptions if the caller does not have the LOCATION_HARDWARE permission, instead of silently dropping the low power part of the request.
MISSING_APP_TAG
targetSdkVersion of greater than or equal to
30.
Missing an "application" or "instrumentation" tag.
MISSING_EXPORTED_FLAG
targetSdkVersion of greater than or equal to
31.
Missing `android:exported` flag. When an intent filter is defined, an explicit value for the android:exported flag is required.
NATIVE_HEAP_POINTER_TAGGING
targetSdkVersion of greater than or equal to
30.
Native heap allocations will now have a non-zero tag in the most significant byte. @see Tagged Pointers
NATIVE_HEAP_ZERO_INIT
Enable automatic zero-initialization of native heap memory allocations.
NATIVE_MEMTAG_ASYNC
Enable asynchronous (ASYNC) memory tag checking in this process. This flag will only have an effect on hardware supporting the ARM Memory Tagging Extension (MTE).
NATIVE_MEMTAG_SYNC
Enable synchronous (SYNC) memory tag checking in this process. This flag will only have an effect on hardware supporting the ARM Memory Tagging Extension (MTE). If both NATIVE_MEMTAG_ASYNC and this option is selected, this option takes preference and MTE is enabled in SYNC mode.
NEVER_SANDBOX_DISPLAY_APIS
This change id forces the packages it is applied to never have Display API sandboxing applied for a letterbox or SCM activity. The Display APIs will continue to provide DisplayArea bounds.
NOTIFICATION_CANCELLATION_REASONS
targetSdkVersion of greater than or equal to
31.
Whether a notification listeners can understand new, more specific, cancellation reasons.
NOTIFICATION_TRAMPOLINE_BLOCK
targetSdkVersion of greater than or equal to
31.
Activity starts coming from broadcast receivers or services in response to notification and notification action clicks will be blocked for UX and performance reasons. Instead start the activity directly from the PendingIntent.
NULL_TELEPHONY_THROW_NO_CB
targetSdkVersion of greater than or equal to
31.
Used for checking if the target SDK version for the current process is S or above.
Applies to the following methods: requestCellInfoUpdate(Executor, TelephonyManager.CellInfoCallback), setPreferredOpportunisticDataSubscription(int, boolean, Executor, Consumer, updateAvailableNetworks(List, requestNumberVerification(), setSimPowerStateForSlot(),
OVERRIDE_MIN_ASPECT_RATIO
This change id is the gatekeeper for all treatments that force a given min aspect ratio. Enabling this change will allow the following min aspect ratio treatments to be applied: OVERRIDE_MIN_ASPECT_RATIO_MEDIUM OVERRIDE_MIN_ASPECT_RATIO_LARGE If OVERRIDE_MIN_ASPECT_RATIO is applied, the min aspect ratio given in the app's manifest will be overridden to the largest enabled aspect ratio treatment unless the app's manifest value is higher.
OVERRIDE_MIN_ASPECT_RATIO_LARGE
This change id sets the activity's min aspect ratio to a large value as defined by OVERRIDE_MIN_ASPECT_RATIO_LARGE_VALUE. This treatment only takes effect if OVERRIDE_MIN_ASPECT_RATIO is also enabled.
OVERRIDE_MIN_ASPECT_RATIO_MEDIUM
This change id sets the activity's min aspect ratio to a medium value as defined by OVERRIDE_MIN_ASPECT_RATIO_MEDIUM_VALUE. This treatment only takes effect if OVERRIDE_MIN_ASPECT_RATIO is also enabled.
PENDING_INTENT_EXPLICIT_MUTABILITY_REQUIRED
targetSdkVersion of greater than or equal to
31.
It is now required to specify either FLAG_IMMUTABLE or FLAG_MUTABLE when creating a PendingIntent.
PHONE_STATE_LISTENER_LIMIT_CHANGE_ID
This change enables a limit on the number of TelephonyCallback objects any process may register via TelephonyManager.registerTelephonyCallback(Executor, TelephonyCallback). The default limit is 50, which may change via remote device config updates. This limit is enforced via an IllegalStateException thrown from TelephonyManager.registerTelephonyCallback(Executor, TelephonyCallback) when the offending process attempts to register one too many callbacks.
PREVENT_META_REFLECTION_BLOCKLIST_ACCESS
targetSdkVersion of greater than or equal to
30.
Remove meta-reflection workaround for hidden api usage for apps targeting R+. This allowed apps to obtain references to blocklist fields and methods through an extra layer of reflection.
PREVENT_SETTING_PASSWORD_QUALITY_ON_PARENT
targetSdkVersion of greater than or equal to
31.
Admin apps targeting Android S+ may not use DevicePolicyManager.setPasswordQuality(ComponentName, int) to set password quality on the DevicePolicyManager instance obtained by calling DevicePolicyManager.getParentProfileInstance(ComponentName). Instead, they should use DevicePolicyManager.setRequiredPasswordComplexity(int) to set coarse-grained password requirements device-wide.
PROCESS_CAPABILITY_CHANGE_ID
targetSdkVersion of greater than or equal to
30.
Flag Context.BIND_INCLUDE_CAPABILITIES is used to pass while-in-use capabilities from client process to bound service. In targetSdkVersion R and above, if client is a TOP activity, when this flag is present, bound service gets all while-in-use capabilities; when this flag is not present, bound service gets no while-in-use capability from client.
RATE_LIMIT_TOASTS
Rate limit showing toasts, on a per package basis. It limits the number of Toast.show() calls to prevent overburdening the user with too many toasts in a limited time. Any attempt to show more toasts than allowed in a certain time frame will result in the toast being discarded.
REMOVE_ANDROID_TEST_BASE
targetSdkVersion of greater than or equal to
30.
Remove android.test.base library for apps that target SDK R or more and do not depend on android.test.runner (as it depends on classes from the android.test.base library).
REQUEST_ACCESSIBILITY_BUTTON_CHANGE
targetSdkVersion of greater than or equal to
30.
For accessibility services targeting APIs greater than API 29, FLAG_REQUEST_ACCESSIBILITY_BUTTON must be specified in the accessibility service metadata file. Otherwise, it will be ignored.
REQUIRE_EXACT_ALARM_PERMISSION
targetSdkVersion of greater than or equal to
31.
For apps targeting Build.VERSION_CODES.S or above, any APIs setting exact alarms, e.g. setExact(int, long, PendingIntent), setAlarmClock(AlarmClockInfo, PendingIntent) and others will require holding a new permission Manifest.permission.SCHEDULE_EXACT_ALARM
REQUIRE_READ_PHONE_STATE_PERMISSION_FOR_ACTIVE_DATA_SUB_ID
targetSdkVersion of greater than or equal to
31.
To check the SDK version for TelephonyCallback.ActiveDataSubscriptionIdListener should add Manifest.permission.READ_PHONE_STATE since Android 12.
REQUIRE_READ_PHONE_STATE_PERMISSION_FOR_CELL_INFO
targetSdkVersion of greater than or equal to
31.
To check the SDK version for TelephonyCallback.CellInfoListener should add Manifest.permission.READ_PHONE_STATE since Android 12.
REQUIRE_READ_PHONE_STATE_PERMISSION_FOR_DISPLAY_INFO
targetSdkVersion of greater than or equal to
31.
To check the SDK version for TelephonyCallback.DisplayInfoListener should remove Manifest.permission.READ_PHONE_STATE since Android 12.
RESOURCES_ARSC_COMPRESSED
targetSdkVersion of greater than or equal to
30.
The resources.arsc of one of the APKs being installed is compressed or not aligned on a 4-byte boundary. Resource tables that cannot be memory mapped exert excess memory pressure on the system and drastically slow down construction of Resources objects.
RESTRICT_ADB_BACKUP
targetSdkVersion of greater than or equal to
31.
When this change is enabled, adb backup is automatically turned on for apps running as debuggable (android:debuggable set to true) and unavailable to any other apps.
RESTRICT_DOMAINS
targetSdkVersion of greater than or equal to
31.
With the updated form of the app links verification APIs, an app will be required to declare domains inside an intent filter which includes all of the following:
- - android:autoVerify="true"
- - Intent.ACTION_VIEW
- - Intent.CATEGORY_BROWSABLE
- - Intent.CATEGORY_DEFAULT
- - Only IntentFilter.SCHEME_HTTP and/or IntentFilter.SCHEME_HTTPS, with no other schemes
On prior versions of Android, Intent.CATEGORY_BROWSABLE was not a requirement, other schemes were allowed, and setting autoVerify to true in any intent filter would implicitly pretend that all intent filters were set to autoVerify="true".
RESTRICT_STORAGE_ACCESS_FRAMEWORK
targetSdkVersion of greater than or equal to
30.
We support restrict Storage Access Framework from Build.VERSION_CODES.R. App Compatibility flag that indicates whether the app should be restricted or not. This flag is turned on by default for all apps targeting > Build.VERSION_CODES.Q.
RUN_NATIVE_NSD_ONLY_IF_LEGACY_APPS
targetSdkVersion of greater than or equal to
31.
When enabled, apps targeting < Android 12 are considered legacy for the NSD native daemon. The platform will only keep the daemon running as long as there are any legacy apps connected. After Android 12, directly communicate with native daemon might not work since the native damon won't always stay alive. Use the NSD APIs from NsdManager as the replacement is recommended. An another alternative could be bundling your own mdns solutions instead of depending on the system mdns native daemon.
SECURITY_EXCEPTION_ON_INVALID_ATTRIBUTION_TAG_CHANGE
targetSdkVersion of greater than or equal to
31.
Enforce that all attributionTags send to noteOp(String, int, String), noteProxyOp(String, String), and startOp(String, int, String) are defined in the manifest of the package that is specified as parameter to the methods.
To enable this change both the package calling noteOp(String, int, String) as well as the package specified as parameter to the method need to have this change enable.
SELINUX_LATEST_CHANGES
targetSdkVersion of greater than or equal to
31.
Allows opt-in to the latest targetSdkVersion enforced changes without changing target SDK. Turning this change off for an app targeting the latest SDK is a no-op.
Has no effect for apps using shared user id. TODO(b/143539591): Update description with relevant SELINUX changes this opts in to.
SELINUX_R_CHANGES
targetSdkVersion of greater than or equal to
30.
This change gates apps access to untrusted_app_R-targetSDK SELinux domain. Allows opt-in to R targetSdkVersion enforced changes without changing target SDK. Turning this change off for an app targeting S is a no-op.
Has no effect for apps using shared user id. TODO(b/143539591): Update description with relevant SELINUX changes this opts in to.
SETTINGS_API_V2
The new user preference API for verifying domains marked autoVerify=true in AndroidManifest.xml intent filters is not yet implemented in the current platform preview. This is anticipated to ship before S releases. For now, it is possible to preview the new user preference changes by enabling this ChangeId and using the adb shell pm set-app-links-user-selection and similar commands.
THROW_EXCEPTION_ON_REQUIRE_INSTALL_PACKAGES_TO_ADD_INSTALLER_PACKAGE
targetSdkVersion of greater than or equal to
30.
Adding an installer package name to a package that does not have one set requires the INSTALL_PACKAGES permission. If the caller targets R, this will throw a SecurityException. Otherwise the request will fail silently. In both cases, and regardless of whether this change is enabled, the installer package will remain unchanged.
THROW_SECURITY_EXCEPTIONS
targetSdkVersion of greater than or equal to
30.
Pre R a SecurityException would only be thrown by setEnabled APIs (e .g. setEnabled(String, boolean, UserHandle)) for a permission error. Since R this no longer holds true, and SecurityException can be thrown for any number of reasons, none of which are exposed to the caller.
To maintain existing API behavior, if a legacy permission failure or actor enforcement failure occurs for an app not yet targeting R, coerce it into an IllegalStateException, which existed in the source prior to R.
USE_REAL_ROOT_LOCALE
targetSdkVersion of greater than or equal to
30.
Since Android 11, formatter classes, e.g. java.text.SimpleDateFormat, no longer provide English data when Locale.ROOT format is requested. Please use Locale.ENGLISH to format in English. Note that Locale.ROOT is used as language/country neutral locale or fallback locale, and does not guarantee to represent English locale. This flag is only for documentation and can't be overridden by app. Please use targetSdkVersion to enable the new behavior.
USE_SET_LOCATION_ENABLED
targetSdkVersion of greater than or equal to
30.
Admin apps targeting Android R+ may not use DevicePolicyManager.setSecureSetting(ComponentName, String, String) to change the deprecated Settings.Secure.LOCATION_MODE setting. Instead they should use DevicePolicyManager.setLocationEnabled(ComponentName, boolean).
USE_SHORT_FGS_USAGE_INTERACTION_TIME
targetSdkVersion of greater than or equal to
31.
For apps targeting S+, this determines whether to use a shorter timeout before elevating the standby bucket to ACTIVE when apps start a foreground service.
USE_STRETCH_EDGE_EFFECT_BY_DEFAULT
targetSdkVersion of greater than or equal to
1.
This sets the edge effect to use stretch instead of glow.