Apps targeting Android 12
source link: https://developer.android.com/about/versions/12/behavior-changes-12
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Behavior changes: Apps targeting Android 12
Like earlier releases, Android 12 includes behavior changes that may affect your app. The following behavior changes apply exclusively to apps that are targeting Android 12 or higher. If your app is targeting Android 12, you should modify your app to support these behaviors properly, where applicable.
The following table summarizes the key changes that affect your app if your app targets Android 12. Note that this table doesn't provide the complete set of changes.
With a few exceptions, apps can no longer start foreground services while running in the background. Attempts to do so throw an exception. Apps that start foreground services while the app is running in the background. App components containing intent filters must declare exported attribute
App components that include intent filters must explicitly set the
android:exported
attribute.
Apps that don't set the attribute cannot be installed on
Android 12.
Apps that declare the <intent-filter>
attribute in
their manifest files.
Unsafe launches of nested
intentsStrict mode testing now detects when your app uses nested intents in an unsafe way. Apps that launch another app, expecting a callback through an inner intent. Activities cannot be started from services or broadcast receivers that behave as notification trampolines
Apps cannot start activities from services or broadcast receivers that respond to notification taps. Apps that associate a notification tap with a service or broadcast receiver that tries to start an activity.
Be sure to also review the list of behavior changes that affect all apps running on Android 12.
User experience
Picture-in-picture behavior improvements
Android 12 introduces behavior improvements for picture-in-picture (PiP) mode. See Picture-in-picture improvements for more information.
Custom notifications deprecation
Android 12 changes the appearance and behavior of fully custom notifications. Previously, custom notifications were able to use the entire notification area and provide their own layouts and styles. This resulted in anti-patterns that could confuse users or cause layout compatibility issues on different devices.
For apps targeting Android 12, notifications with custom content views will no
longer use the full notification area; instead, the system applies a standard
template. This template ensures that custom notifications have the same
decoration as other notifications in all states, such as the notification's icon
and expansion affordances (in the collapsed state) and the notification's icon,
app name, and collapse affordance (in the expansion state). This behavior is
nearly identical to the behavior of
Notification.DecoratedCustomViewStyle
.
In this way, Android 12 makes all notifications visually consistent and easy to scan, with a discoverable, familiar notification expansion for users.
The following illustration shows a custom notification in the standard template:
The following examples show how custom notifications would render in a collapsed and an expanded state:
The change in Android 12 affects apps that define custom subclasses of
Notification.Style
, or which use
Notification.Builder
’s methods
setCustomContentView(RemoteViews)
,
setCustomBigContentView(RemoteViews)
,
and setCustomHeadsUpContentView(RemoteViews)
.
If your app is using fully custom notifications, we recommend testing with the new template as soon as possible.
Enable the custom notifications change:
- Change your app's
targetSdkVersion
toS
to enable the new behavior. - Recompile.
- Install your app on a device or emulator running Android 12.
- Change your app's
Test all notifications that use custom views, ensuring they look as you expect in the shade. While testing, take these considerations into account and make the necessary adjustments:
The dimensions of custom views have changed. In general, the height afforded to custom notifications is less than before. In the collapsed state, the maximum height of the custom content has decreased from 106dp to 48dp. Also, there is less horizontal space.
All notifications are expandable for apps targeting Android 12. Typically, this means if you're using
setCustomContentView
, you'll also want to usesetBigCustomContentView
to make sure collapsed and expanded states are consistent.To make sure that the "Heads Up" state looks as you expect, don’t forget to raise the importance of the notification channel to "HIGH" (Pops on screen).
Privacy
Motion sensors are rate-limited
To protect potentially sensitive information about users, if your app targets Android 12, the system places a limit of 200 Hz on the refresh rate of data from certain motion sensors and position sensors. This data includes values recorded by the device's accelerometer, gyroscope, and geomagnetic field sensor.
If your app targets Android 12 and needs to gather motion sensor
data at a higher rate, you must declare the
HIGH_SAMPLING_RATE_SENSORS
permission. Otherwise, if your app tries to gather motion sensor data at a
higher rate without declaring this permission, a
SecurityException
occurs.
Modern SameSite cookies in WebView
Android’s WebView component is based on Chromium, the open source project that powers Google’s Chrome browser. Over the last year, Chromium has introduced changes to the handling of third-party cookies to provide more security and privacy and offer users more transparency and control. These changes are already rolled out to many Chrome users, and starting with Android 12, the changes are now coming to WebView.
The SameSite
attribute of a cookie controls whether it can be sent with any
requests, or only with same-site requests. The base version of WebView in
Android 12 (version 89.0.4385.0) includes the following
privacy-protecting changes that improve the default handling of third-party
cookies and help protect against unintended cross-site sharing:
- Cookies without a
SameSite
attribute are treated asSameSite=Lax
. - Cookies with
SameSite=None
must also specify theSecure
attribute, meaning they require a secure context and should be sent over HTTPS. - Links between HTTP and HTTPS versions of a site are now treated as cross-site
requests, so cookies are not sent unless they are appropriately marked as
SameSite=None; Secure
.
For developers, the general guidance is to identify the cross-site cookie
dependencies in your critical user flows and ensure that the SameSite
attribute is explicitly set with the appropriate values where needed. You must
explicitly specify the cookies that are allowed to work across websites or
across same-site navigations that move from HTTP to HTTPS.
For complete guidance for web developers on these changes, see SameSite Cookies Explained and Schemeful SameSite.
Test SameSite behaviors in your app
If your app uses WebView, or if you manage a website or service that uses cookies, we recommend testing your flows on Android 12 WebView. If you find issues, you might need to update your cookies to support the new SameSite behaviors.
Watch for issues in logins and embedded content, as well as sign-in flows, purchasing, and other authentication flows where the user starts on an insecure page and transitions to a secure page.
To test an app with WebView, you must enable the new SameSite behaviors for the app that you want to test by completing either of the following steps:
Manually enable SameSite behaviors on the test device by toggling the UI flag webview-enable-modern-cookie-same-site in the WebView devtools.
This approach lets you test on any device running Android 5.0 (API level 21) or higher—including Android 12—and WebView version 89.0.4385.0 or higher.
Compile your app to target Android 12 by
targetSdkVersion
.If you use this approach, you must use a device that runs Android 12 and WebView version 89.0.4385.0 or higher.
For information on remote debugging for WebView on Android, see Get Started with Remote Debugging Android Devices.
Other resources
For more information about the SameSite modern behaviors and rollout to Chrome and WebView, visit the Chromium SameSite Updates page. If you find a bug in WebView or Chromium, you can report it in the public Chromium issue tracker.
ADB backup restriction
To help protect private app data, Android 12 changes the default
behavior of the adb backup
command. For apps that target
Android 12, when a user runs the adb backup
command, app data is
excluded from any other system data that is exported from the device.
If your testing or development workflows rely on app data using adb backup
,
you can now opt in to exporting your app's data by setting
android:debuggable
to true
in your app's manifest file.
android:debuggable
to false
before releasing your app.Security
Safer component exporting
If your app targets Android 12 and contains
activities,
services, or broadcast
receivers that use intent
filters, you must explicitly
declare the
android:exported
attribute
for these app components.
android:exported
, your app can't
be installed on a device that runs Android 12.The following code snippet shows an example of a service that contains an intent filter and is configured correctly for Android 12:
<service android:name="com.example.app.backgroundService"
android:exported="false">
<intent-filter>
<action android:name="com.example.app.START_BACKGROUND" />
</intent-filter>
</service>
Messages in Android Studio
If your app contains an activity, service, or broadcast receiver that uses
intent filters but doesn't declare android:exported
, the following warning
messages appear, depending on the version of Android Studio that you use:
Android Studio 2020.3.1 Canary 11 or later
The following messages appear:
The following lint warning appears in your manifest file:
When using intent filters, please specify android:exported as well
When you attempt to compile your app, the following build error message appears:
Manifest merger failed : Apps targeting Android 12 and higher are required \ to specify an explicit value for android:exported when the corresponding \ component has an intent filter defined.
Older versions of Android Studio
If you attempt to install the app, Logcat displays the following error message:
Installation did not succeed.
The application could not be installed: INSTALL_FAILED_VERIFICATION_FAILURE
List of apks:
[0] '.../build/outputs/apk/debug/app-debug.apk'
Installation failed due to: 'null'
Pending intents mutability
If your app targets Android 12, you must specify the mutability
of each PendingIntent
object that your
app creates. This additional requirement improves your app's security.
To declare that a given PendingIntent
object is mutable or immutable, use the
PendingIntent.FLAG_MUTABLE
or
PendingIntent.FLAG_IMMUTABLE
flag, respectively. If your app attempts to create a PendingIntent
object
without setting either mutability flag, the system throws an
IllegalArgumentException
, and
the following message appears in Logcat:
PACKAGE_NAME: Targeting S+ (version 10000 and above) requires that one of \
FLAG_IMMUTABLE or FLAG_MUTABLE be specified when creating a PendingIntent.
Strongly consider using FLAG_IMMUTABLE, only use FLAG_MUTABLE if \
some functionality depends on the PendingIntent being mutable, e.g. if \
it needs to be used with inline replies or bubbles.
Create immutable pending intents whenever possible
In most cases, your app should create immutable PendingIntent
objects, as
shown in the following code snippet. If a PendingIntent
object is immutable,
then an app cannot modify the intent to adjust the result of invoking the
intent.
val pendingIntent = PendingIntent.getActivity(applicationContext,
REQUEST_CODE, intent,
/* flags */ PendingIntent.FLAG_IMMUTABLE)
However, certain apps need to create mutable PendingIntent
objects instead:
- A direct reply action in a
notification requires a
change to the clip data in the
PendingIntent
object that's associated with the reply. Usually, you request this change by passingFILL_IN_CLIP_DATA
as a flag to thefillIn()
method. - If your app places a conversation in a bubble
using a
PendingIntent
, the intent should be mutable so that the system can apply the correct flags, such asFLAG_ACTIVITY_MULTIPLE_TASK
andFLAG_ACTIVITY_NEW_DOCUMENT
.
If your app creates a mutable PendingIntent
object, it's strongly recommended
that you use an explicit
intent and fill in the
ComponentName
. That way, whenever
another app invokes the PendingIntent
and passes control back to your app, the
same component in your app always starts.
Test the pending intent mutability change
To determine whether your app is missing mutability declarations, look for the following lint warning in Android Studio:
Warning: Missing PendingIntent mutability flag [UnspecifiedImmutableFlag]
During the Developer Preview, you can disable this system behavior for testing
purposes by turning off the
PENDING_INTENT_EXPLICIT_MUTABILITY_REQUIRED
app compatibility flag.
Nested intent launches
To improve platform security, Android 12 provides a debugging feature that warns you if your app performs an unsafe launch of a nested intent. A nested intent is an intent that is passed as an extra in another intent. If your app performs both of the following actions, a StrictMode violation occurs.
- Your app unparcels a nested intent from the extras of a delivered intent.
- Your app immediately starts an app
component using that nested intent,
such as passing the intent into
startActivity()
,startService()
, orbindService()
.
Configure your app to detect unsafe launches of nested intents
To check for unsafe launches of nested intents in your app, call
detectUnsafeIntentLaunch()
when you configure your VmPolicy
, as shown in the following code snippet. If
your app detects a StrictMode violation, you might want to stop app execution to
protect potentially sensitive information.
detectAll()
method in its VmPolicy
definition, the detectUnsafeIntentLaunch()
method is
called automatically.fun onCreate() {
StrictMode.setVmPolicy(VmPolicy.Builder()
// Other StrictMode checks that you've previously added.
// ...
.detectUnsafeIntentLaunch()
.penaltyLog()
// Consider also adding penaltyDeath()
.build())
}
Use intents more responsibly
Your app might launch nested intents to navigate between components inside of your app, or to perform an action on behalf of another app. To minimize the chance of encountering a StrictMode violation in either situation, do the following:
- Internal launch of nested intent: Make sure that these components aren't exported.
Cross-app launch of nested intent: Use a
PendingIntent
instead of a nested intent. That way, when thePendingIntent
is unparceled out of its containingIntent
, an app component can launch thePendingIntent
using the identity of the calling process. This configuration allows a provider app to send a callback to any component, including a non-exported component, of the calling app.For more details on how to identify this situation and make changes to your app, read the blog post about Android Nesting Intents on Medium.
Performance
Foreground service launch restrictions
Apps that target Android 12 can no longer start foreground services while running in the background, except for a few special cases. If an app attempts to start a foreground service while running in the background, an exception occurs (except for the few special cases). Consider using WorkManager to schedule and start work while your app runs in the background.
To learn more about how your app is affected, and how you can update your app based on these changes, read the guide about foreground service launch restrictions. You can also look through the WorkManagerSample on GitHub.
Notification trampoline restrictions
When users interact with notifications, some apps respond to notification taps by launching an app component that eventually starts the activity that the user finally sees and interacts with. This app component is known as a notification trampoline.
To improve app performance and UX, apps that target Android 12
cannot start activities from
services or
broadcast receivers that are used as
notification trampolines. In other words, after the user taps on a notification,
or an action button within
the notification, your app cannot call
startActivity()
inside of a service or broadcast receiver.
When your app tries to start an activity from a service or broadcast receiver that acts as a notification trampoline, the system prevents the activity from starting, and the following message appears in Logcat:
Indirect notification activity start (trampoline) from PACKAGE_NAME, \
this should be avoided for performance reasons.
Identify which app components act as notification trampolines
When testing your app, after you tap on a notification, you can identify which service or broadcast receiver acted as the notification trampoline in your app. To do so, look at output of the following terminal command:
adb shell dumpsys activity service \ com.android.systemui/.dump.SystemUIAuxiliaryDumpService
A section of the output includes the text "NotifInteractionLog". This section contains the information that's necessary to identify the component that starts as the result of a notification tap.
Update your app
If your app starts an activity from a service or broadcast receiver that acts as a notification trampoline, complete the following migration steps:
- Create a
PendingIntent
object that is associated with the activity that users see after they tap on the notification. - Use the
PendingIntent
object that you created in the previous step as part of building your notification.
Toggle the behavior
When testing your app during the Developer Preview, you can enable and disable
this restriction using the NOTIFICATION_TRAMPOLINE_BLOCK
app compatibility
flag.
Updated non-SDK restrictions
Android 12 includes updated lists of restricted non-SDK interfaces based on collaboration with Android developers and the latest internal testing. Whenever possible, we make sure that public alternatives are available before we restrict non-SDK interfaces.
If your app does not target Android 12, some of these changes might not immediately affect you. However, while you can currently use some non-SDK interfaces (depending on your app's target API level), using any non-SDK method or field always carries a high risk of breaking your app.
If you are unsure if your app uses non-SDK interfaces, you can test your app to find out. If your app relies on non-SDK interfaces, you should begin planning a migration to SDK alternatives. Nevertheless, we understand that some apps have valid use cases for using non-SDK interfaces. If you cannot find an alternative to using a non-SDK interface for a feature in your app, you should request a new public API.
To learn more about the changes in this release of Android, see Updates to non-SDK interface restrictions in Android 12. To learn more about non-SDK interfaces generally, see Restrictions on non-SDK interfaces.
Recommend
-
120
cznic/99c: github.com/cznic/99c has moved to modernc.org/99c This repository has been archived by the owner. It is now read-only.
-
79
Evan Blass on Twitter: "Android P Developer Preview 1 is targeting a mid-month release."Don’t miss what’s happeningPeople on Twitter are the first to know.
-
46
-
52
README.md Browser-Pwn The world of Browsers is dominated by 4 major players: Chromium/Chrome (Blink-Engine) Firefox (Gecko-Engine)...
-
53
Vugu Vugu is an experimental library for web UIs written in Go and targeting webassembly. Guide and docs at http://www.vugu.org . Godoc at
-
40
badUSB targeting Android (aka rubber duck) This is a proof of concept of a badUSB attack targeting android, a Arduino is plugged into the phone's USB port (via OTG cable), then the Arduino is programmed to act as a keyboard, then...
-
3
When Google announced that Play Store apps must target SDK 30 by August, our team started investigating what it would take to meet this requirement. Now,...
-
38
Like earlier releases, Android 13 includes behavior changes that may affect your app. The following behavior changes apply exclusively to apps that are targeting Android 13 or higher. If your app is targeting Android 13 or higher, you should...
-
5
Google Warns of New Spyware Targeting iOS and Android UsersThe malware has been used to target people in Italy, Kazakhstan, and Syria, researchers at Google and Lookout have found.
-
7
Google researchers detail recently discovered campaigns targeting iOS, Android and Chrome
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK