One of the central themes for Android 11 has been protecting user privacy. On Android 10 and earlier, you could query the full set of installed apps using methods like queryIntentActivities(). Often, however, this approach provides much more access than most apps need to implement their functionality. To better protect user privacy, we updated how apps view and interact with other installed apps on Android 11.
To provide better accountability for access to installed apps, apps targeting Android 11 (API level 30) will see a filtered list of installed apps by default. The new <queries> element in your app or library’s Android manifest allows you to describe which other apps you might need to interact with. For more information about this change, check out our Medium post on package visibility in Android 11.
Android Studio and Gradle support
If you are using Android Gradle plugin 4.1+, your tools should work with the new <queries> declaration. However, older versions of the Android Gradle plugin are not aware of this new element. If you add the <queries> element or if you start relying on a library or SDK that supports targeting Android 11, you may encounter manifest merging errors. For example, when building your app you may see the following error in the Build Output Window:
Android resource linking failed
/Users/sample/AndroidStudioProjects/MyApp/app/build/intermediates/merged_manifests/debug/AndroidManifest.xml:18: error: unexpected element <queries> found in <manifest>
Alternatively, you may see an error in the Build Output Window that directs you to the Manifest merger logs:
Manifest merger failed with multiple errors, see logs
Upon expanding the Merged Manifest view you would then see an additional error:
Error: Missing 'package' key attribute on element package
Android Gradle plugin fixes
The best solution to deal with these errors is to upgrade to Android Gradle plugin 4.1 Beta.
We know that not everyone is ready to upgrade to the latest version, though, and you may be relying on old versions of Gradle or libraries that aren’t compatible with 4.1.
So, today we issued a set of dot releases for the Android Gradle plugin that are compatible with <queries>:
For example, if you are currently using Android Gradle plugin version 4.0.0, you can upgrade the version in your project-level build.gradle file:
Posted by Dirk Dougherty, Android Developer Relations This blog post is part of a weekly series for #11WeeksOfAndroid. Each week we’re diving into a key area of Android so you don’t miss anything. This week, we spotlighted Android 11 Compatibility; here’s a look at what you should know.
The big news
With Beta 2 now in the hands of users and developers, Android 11 is moving quickly toward the final release later in Q3. For developers, now is the time to make sure your apps are ready! With that in mind, this week we highlighted some resources that can help you get started with app compatibility testing and use some of the new tools in Android 11. Here’s a quick rundown of topics that we covered.
Platform stability
In Android 11 we added a new release milestone called Platform Stability to clearly signal to developers that all APIs and system behaviors are complete. This week, with Beta 2, Android 11 reached Platform Stability, so it’s a great time to do your final compatibility testing and updates. The Beta 2 and Platform Stability blog post goes into more detail on what this milestone means for developers, and you can also read about it in the Android 11 timeline.
App compatibility
As we talked about in our Beta 2 post this week, Android 11 compatibility means that your app is validated to run properly on Android 11 with all of the functionality and features that users expect. To get started, all you need is your app and a device or emulator running Android 11.
When making sure an app is compatible, the goal is to test your app and make the minimum changes to maintain your app’s functionality on Android 11, then publish the compatible version to users by the Android 11 final release. In most cases you should be able to do this without changing your targetSdkVersion or compiling against the new APIs.
It isn’t just for apps and games either - if you develop SDKs, libraries, tools, or even frameworks, now is the time to test those against Android 11 and release a compatible version. App and game developers using your products could be blocked until they can get your Android 11 compatible versions.
For more details on app compatibility, take a look at the migration guide and the list of behavior changes that could affect your apps.
Tools for testing your apps
We highlighted some new tools for you to use as you get started with compatibility testing. Our blog post “Testing app compatibility in Android 11” went into the details.
First is the compatibility framework, a new feature that helps with managing the platform changes that can affect apps. It provides standard metadata for changes, standard gating based on targetSdkVersion, and standard log output to help you identify a change affecting your app. You can toggle behavioral changes in a debuggable app, either through Developer options in Settings or through adb. This helps you isolate changes and test against them individually.
Isolating regressions across devices and API levels can be time-consuming and complex. Now with Android Studio 4.2, you can run instrumentation tests in parallel across multiple physical or virtual devices at once, then compare all of the results in a single Test Matrix. You can run tests on more devices in less time, and catch issues earlier.
Android Generic System Image (GSI) is a great way to expand your Android 11 testing across a broader set of devices and we’ve released an updated Android GSI codelab to help you get started. Through GSI, you can install a generic version of Android 11 on any unlocked, Treble-compliant device that shipped with Android 9 or higher. This includes not only Pixel devices, but many other popular devices in use across the global Android ecosystem.
App compatibility toggles in Developer options.
Ecosystem updates and app compatibility
In our “Accelerating Android updates” blog post, we looked at how we’re continuing to get the latest OS to reach critical mass by expanding Android’s updatability architecture. With technology like Project Treble and Google Play system updates, we can deliver updates across more devices faster, and increase consistency across the ecosystem.
The work we’ve been doing with Project Treble is making it dramatically faster and easier to bring up new versions of Android on new and existing devices. It also makes it possible for device-makers to run their own Developer Preview programs, in some cases in parallel with Android’s own ongoing development. These programs help device makers get their OS updates ready sooner and engage earlier with the Android developer community.
With Google Play system updates (Project Mainline) the goal is to directly update core OS components across devices in the Android ecosystem to improve security, privacy, and consistency across the ecosystem. In Android 11, we’ve added more updatable modules to standardize behaviors in key app-facing areas such as permissions, media, NNAPI, and others.
Other improvements include a Generic Kernel Image (GKI) and Virtual A/B, a new over-the-air update mechanism that combines the benefits of seamless updates with smaller storage requirements. We’re working closely with device makers to bring these to Android 11 devices.
Over time, these will help reduce your development and testing costs to make your app compatible across platform versions and devices.
Taking center stage
A common reason for unexpected app compatibility issues is apps and games depending on Android non-SDK interfaces. In Android 11 we're continuing our long-term effort to move apps to using public APIs instead.
This week we highlighted Excelliance Tech, who recently moved their LeBian SDK away from non-SDK interfaces, toward stable, official APIs. Their collaboration with the Android team also led to a new public API for resource loading that all developers can use - the ResourcesLoader API in Android 11.
Check out the Excelliance Tech story in this blog post.
The Excelliance Tech team.
What to watch
During Android 11 Compatibility week we posted three short videos to help you plan for compatibility and test your apps. View the playlist here.
The video below gives you a quick overview of Android’s annual release timeline and what the phases mean for developers.
Next, here’s a video that introduces the compatibility framework, a new testing and debugging feature for developers in Android 11. It shows what it is, why it is useful, and how to use it. You’ll walk through an example that shows how you’d enable a specific change, test your app with the change, and then look for the log output to help you identify the change that affected the app.
Last, this video takes you through a new feature in Android Studio that lets you run instrumentation tests in parallel on multiple devices. It shows you how to set up a device set, run tests on the devices, and then jump into the Text Matrix to compare and analyze results. It’s a great way to do your app compatibility testing in Android Studio.
Learning path
If you’re looking for an easy way to pick up the highlights of this week, check out the Compatibility pathway. A pathway is an ordered tutorial that allows users to complete a pre-defined module that culminates in a quiz. A badge is awarded to each user who passes the quiz and can be saved to your Google Developer Profile. Test your knowledge about Android 11 Compatibility to earn a limited edition Android 11 Compatibility badge.
Key takeaways
With each release, we’re working to reduce the impact of compatibility testing on your apps. In Android 11, we’ve added new processes, developer tools, and release milestones to make it easier. We hope the resources we provided this week are helpful as you get started with your compatibility testing. Here are this week’s key takeaways for developers:
Android 11 has reached Platform Stability and all app-facing APIs and behaviors are now complete.
App and game developers should start compatibility testing now and release updates by the Android 11 final release later this year.
SDK, library, and tool developers should complete testing and release compatible versions as soon as possible to avoid blocking downstream developers.
New tools and resources are available to help. See below for highlights and visit developer.android.com/11 for complete details.
Posted by Eddie Hsu (Technical Program Manager), Brent VerWeyst (Product Manager), Maya Ben Ari (Product Manager), Amith Dsouza (Technical Account Manager), Iliyan Malchev (Project Treble Architect)
Over the past few years we’ve introduced new capabilities that enable us to deliver updates more uniformly, quickly, and efficiently to Android devices. These capabilities include:
Oreo’s introduction of Project Treble created a system/vendor split for a much cleaner separation of OEM and SoC dependencies from the rest of the code base. This effort sped up the adoption of Android Pie by 2.5X. Every Android device that preloads the Google Play Store has been Treble compliant since that point.
In Pie, we started publishing the Generic System Images (GSI) so that developers can use them for app-compat testing on real hardware. Treble compliance means that every device is compatible with our GSIs, even if it does not ship with them. We also worked with our major partners to launch an OEM developer preview program. As a result, we saw a further 1.5X increase in the adoption of Android 10.
In Android 10, we started updating components of the OS directly via Google Play system updates (Project Mainline). Mainline provides security and privacy updates for the OS in a way that’s similar to apps – through Google Play. For example, in our most recent deployment, we directly updated 285 million devices with fixes for security vulnerabilities.
Google Play is also responsible for updating critical applications and services, such as authentication, push notifications, and Google Play Protect. A good example is the launch of the Exposure Notification API. Exposure Notifications are a tool to help public-health agencies in the fight against COVID-19. The API was deployed in May via Google Play to over 2 billion devices in the space of just 4 weeks.
Android 10 Adoption
Thanks to these efforts, the adoption of Android 10 has been faster than any previous versions of Android. Android 10 was running on 100 million devices 5 months post launch – 28% faster than Android Pie.
Updatability in Android 11
Below are the major themes in updatability this year:
OEM Developer Previews: In Android 11, device makers (OEMs) are continuing their developer previews ahead of the official launch. Seven OEMs have released Developer Preview builds on 13 devices to provide app developers with diverse hardware as they test for compatibility.
Google Play system update: 21 OS components are now updatable, including 9 additions in Android 11 focused on improving privacy, security, and developer consistency across devices. Highlights include an enhanced permissions component that standardizes user and developer access to critical privacy controls on Android devices, a Neural Networks API (NNAPI) component that optimizes performance and guarantees consistent APIs across devices, and a Tethering component for improved interoperability. The new updatable OS components in Android 11 are: Tethering, NNAPI, Cell Broadcast Receiver, adbd, Internet Key Exchange, Media Provider, statsd, WiFi, and SDK extension.
Generic Kernel Image: Our ongoing updatability work extends to the Linux kernel itself, with initiatives such as 6-year LTS support. In Android 11, we are further isolating common code in the Android Linux kernel to create a Generic Kernel Image (GKI) that works across all Android devices, as well as to enable faster security deployments. Stay tuned for a more detailed post on GKI in the coming months.
Virtual A/B: Most OS updates are not delivered via Google Play. Instead, they use separate third-party Over-the-Air (OTA) services that differ among the various OEMs. These services use a mechanism that, while very space efficient, has the disadvantage of being slow to apply, rendering the device inoperable for the duration. To solve this problem, in Android Nougat we launched a mechanism called "A/B OTA" (aka Seamless Updates). A/B OTAs have the advantage of appearing to be near-instant from the user's perspective, since they apply in the background and become active on the next reboot. However, they doubled the amount of storage reserved for the OS itself, limiting adoption among OEMs.
We’ve developed a new OTA mechanism – Virtual A/B – that combines the benefits of the previous two: being seamless from the user's perspective while requiring less storage. We are working closely with our OEM partners to begin implementing Virtual A/B in Android 11 devices, making OTAs as frictionless as possible. Going forward, Virtual A/B will be the only supported OTA mechanism in Android.
Looking to the Future
We’re excited by the increased adoption of Android and are grateful for the close collaborations with our chipset and OEM partners to deploy updates earlier. We continue to work on a number of enhancements in the platform and infrastructure to make it easier for developers and users to benefit from the latest versions of Android.
Reminder that the Android engineering team will host a Reddit AMA today at 12:00PM PST to answer your technical questions about Android 11. See this post for details and to submit your questions.
A few weeks ago we unwrapped the first Beta of Android 11 with a focus on people, controls, and privacy. As we highlighted in the #Android11Beta Launch, we’re making Android more people-centric and expressive, helping users control their smart devices, and giving them even more control over sensitive permissions. Developers can use APIs like Conversations, Bubbles, Device Controls, and Media Controls, to integrate these experiences into their apps.
Today we’re pushing out the second Beta of Android 11 for you to try. This release takes us to the Platform Stability milestone, which means that Android 11’s APIs and behaviors are finalized. For developers, it’s time to get started on your final compatibility updates and publish them in time for the official release later in Q3.
This week’s theme in #11 Weeks of Android is Android 11 Compatibility and we’ll be sharing helpful content and materials all week. You can find them on the #11 Weeks page or follow Android Developers on Twitter and Youtube.
You can get Beta 2 today on your Pixel 2, 3, 3a, and 4 device by enrolling here for over-the-air updates, and downloads are also available. If you previously enrolled for Beta 1, you will automatically get the over-the-air update. Let us know what you think, and thanks for the feedback you’ve provided so far!
Platform Stability
Beta 2 brings Android 11 to Platform Stability, a new release milestone that we added this year just for developers, based on your feedback.
Platform Stability means that all app-facing surfaces and behaviors are now final in Android 11. This includes not only final SDK and NDK APIs, but also final system behaviors and restrictions on non-SDK interfaces that may affect apps. So from Beta 2, you can release compatibility updates with confidence that the platform won’t change. More on the timeline is here.
With the platform now stable, we’re encouraging all app and gamedevelopers to start your final compatibility testing and publish your updates ahead of the final release.
For all SDK, library, tools, and game engine developers, it’s even more important to start testing now and release your compatible updates as soon as possible -- your downstream app and game developers may be blocked until they receive your updates. When you’ve released a compatible update, be vocal and let developers know!
Why app compatibility is important
For Android, the term app compatibility means that your app runs properly on a specific version of the platform, typically the latest version. You can check this right now by installing your production app on a device or emulator running Android 11. Just test all of the user flows and features, and if the app looks and runs properly, then you’re done, it’s compatible!
It sounds simple, but sometimes there’s more to it. With each release, we make integral changes that improve privacy and security, as well as implement changes that evolve the overall user experience across the OS. Sometimes these can affect your apps, so it’s important to take a look at the behavior changes and test against them, then publish the compatible update to users. It’s a basic but critical level of quality.
App compatibility comes into play as users update to the latest version of Android, whether they’ve purchased a new device or installed an update on their current device. They’re excited to explore the latest version of Android, and they want to experience it with their favorite apps. If the apps don’t work properly, it’s a major issue - for users and for all of us.
So while there are a ton of new APIs and capabilities to explore, and more changes to consider when you’re ready to change your app’s targeting, start by testing your current app and releasing a compatible update first.
Updates to Pixel and other devices will get started as soon as Android 11 reaches the final release to Android Open Source Project (AOSP), which we expect later in Q3. Multiple partner devices are also in active public previews now to support your compatibility testing.
Making app compatibility easier in Android 11
With each release, we’re working to reduce the work you’ll need to do to get your apps ready. In Android 11, we’ve added new processes, developer tools, and release milestones to minimize the impact of platform updates and make it easier for apps to stay compatible.
Minimizing the impact of behavior changes - we’re making a conscious effort to minimize platform changes that could affect apps by making them opt-in, wherever possible, until you set targetSdkVersion to Android 11 in your app. If you are distributing through Google Play, you’ll have more than a year to opt-in to these changes.
Easier testing and debugging - To help you test for compatibility, we’ve made many of the breaking changes toggleable - meaning that you can force-enable or disable the changes individually from Developer options or adb. With this change, there’s no longer a need to change targetSdkVersion or recompile your app for basic testing. Check out the details here.
App compatibility toggles in Developer options.
Restrictions on non-SDK interfaces - as part of our ongoing effort to gradually move developers away from non-SDK APIs, we’ve updated the lists of restricted non-SDK interfaces, and as always your feedback and requests for public API equivalents are welcome.
Dynamic resource loader - As part of their migration away from non-SDK interfaces, developers asked us for a public API to load resources and assets dynamically at runtime. We’ve now added a Resource Loader framework in Android 11, and thank you to the developers who gave us this input!
Platform stability milestone - As mentioned, this is a new milestone we’ve added to our release process to give developers a clear date for final changes. It includes not only final SDK/NDK APIs, but also final internal APIs and system behaviors that may affect apps.
Get your apps ready for Android 11!
Now that Android 11 is stable, make your apps compatible as soon as possible. Here’s how to do it.
For testing your current app, start with the behavior changes for all apps to see where it could be affected. Here are the top changes (these apply regardless of your app’s targetSdkVersion):
One-time permission - Users can now grant single-use permission to access location, device microphone and camera. Details here.
External storage access - Apps can no longer access other apps’ files in external storage. Details here.
Scudo hardened allocator - Now the heap memory allocator for native code in apps. Details here.
File descriptor sanitizer - Now enabled by default to detect file descriptor handling issues for native code in apps. Details here.
Remember to test the libraries and SDKs in your app for compatibility. If you find an issue, try updating to the latest version of the SDK, or reach out to the developer for help.
Scoped storage - New storage restrictions, behaviors, and APIs for apps reading and writing files. Details here.
Background location - Changes to how apps request background location and how users grant it. Details here.
Package visibility - Changes to how apps can query and interact with other installed apps. Details here.
Compressed resource files - Apps can’t be installed or updated if they contain a compressed resources.arsc file, or if the file is not aligned on a 4-byte boundary. Details here.
APK Signature Scheme v2 - Apps must now be signed using APK Signature Scheme v2 or higher. Details here.
Heap pointer tagging - For 64-bit processes, native heap allocations have a tag set in the top byte of the pointer that should not be modified by apps. Details here.
During testing, watch for uses of restricted non-SDK interfaces in your app and move those to public SDK equivalents instead. You can read about the restricted APIs here.
Explore the new features and APIs
As soon as you’re ready, dive into Android 11 and learn about the new experiences you can build. Our #Android11 Beta post has a recap of new features for developers, and you can also visit the Beta Launch page to see talks from the Android team on what’s new in their areas.
Android Studio also has new features for Android 11 also, to improve your productivity and workflow, such as ADB incremental for faster installs of large APKs, and additional nullability annotations on platform APIs. You can give these a try by downloading the latest Android Studio Beta or Canary version. Instructions for configuring Android Studio for Android 11 are here.
It’s easy! You can enroll here to get Android 11 Beta updates over-the-air for Pixel 2, 3, 3a, and 4 devices. Alternatively, give Android Flash Tool a try for easy on-demand updates, and downloadable system images are also available. If you don't have a Pixel device, you can use the Android Emulator in Android Studio or try a GSI image to run Android 11 on supported Treble-compliant devices.
This week in #11 Weeks of Android, we’re highlighting Android 11 Compatibility, a theme that’s important for all developers now that the platform has reached stability.
We’re sharing resources to help you with compatibility testing here, and you can follow Android Developers on Twitter and Youtube to catch helpful content and materials in this area all this week!
Also, the Android engineering team will host a Reddit AMA on r/androiddev tomorrow, July 9 at 12:00PM PST, to answer your technical questions about Android 11. See this post for details and to submit your questions.
This blogpost is a collaboration between Google and Excelliance Tech. Authored by Zhuo Chen with support from Zhihai Wang, Gao Huang from Excelliance Tech.
Excelliance Tech improved the stability and compatibility of their LeBian SDK by moving away from non-SDK APIs, toward stable, official APIs. Their collaboration with the Android team during the process also led to a new public API for resource loading that all developers can use - the ResourcesLoader API in Android 11.
Helping game developers keep users engaged
Games are becoming increasingly complex, and a loading progress bar is not only a countdown to a new adventure, but also a bridge which connects players and developers.
Players want the game to load right away, so "loading" has its own priorities: resources that will be used in the first few minutes need to be packed into the APK, while the rest of the content can be downloaded in the background after the game starts.
Developers are always creating new content for their games, so "change" is the only constant: different campaigns bring different launch screens and themes, keeping the game experience fresh for players.
Excelliance Tech’s LeBian (乐变) game assets streaming service helps game developers meet players’ needs by loading fresh resources dynamically while the game is loading or being played.
Meteor, Butterfly And a Sword (流星群侠传) by NetEase Games, Duoduo Auto Chess (多多自走棋) by Dragonest Game, Langrisser (梦幻模拟战) by ZlongGames, Junior Three Kingdom 2 (少年三国志 2) by Yoozoo Games - these games are created by different developers and have different look and feel, but one thing they have in common: they all use LeBian game streaming service to load resources.
The resource loading technology is so useful that Excelliance Tech is even using it in the LeBian SDK itself, bringing a better experience for developers. Dynamic resource loading makes the SDK much easier to use. By dynamically updating its internal resources when needed, the library doesn’t require developers to update the SDK for new resources.
Before Android 11 introduced the ResourcesLoader API, Excelliance Tech had to build their dynamic resource loading capability the hard way, using non-SDK interfaces.
Building the initial product
When Excelliance was first building their product, Android did not offer public APIs for the dynamic resource loading use-case. The team did what they could, but ended up using non-SDK interfaces to add the external resources. While this met the technical need initially, the implementation was fragile - it depended on non-SDK interfaces, which don’t have the same compatibility guarantees as official SDK APIs and can change without notice.
As a result, Excelliance found that compatibility issues would surface unexpectedly as new versions of Android were released. These required additional testing and development to assure the stability of the product. Over many iterations, it took the Excelliance team six engineer-months and a lot of code to stabilize their solution, while knowing that it might break again in the next Android release. With Android tightening restrictions on non-SDK interfaces to achieve better stability and app compatibility, relying on those non-SDK interfaces became no longer an option.
Working toward a sustainable solution
As the Android team increased its focus on moving apps to public APIs, Excelliance saw an opportunity to migrate to a stronger foundation. They reached out to the Android team to give their feedback and highlighted their use case and need for public SDK APIs.
Over time, their collaboration led to the development of the ResourcesLoader public API that’s available for the first time in Android 11. Excelliance Tech has already moved to the new ResourcesLoader API and they’ve seen better productivity and product quality as a result. Excelliance believes the ResourcesLoader API provides advantages including the following:
Easy to use. The development team migrated the solution to the new API in 2 days, testing included.
No performance loss. In some cases, the loading speed even increased because ResourcesLoader can load uncompressed resources much faster.
Easy to develop. Before using the ResourcesLoader API, the team had to assign a senior engineer to 1) understand how AssetManager works, 2) find private APIs and find out how they work on different Android versions, 3) learn zip file structure, etc. Now it only takes a junior engineer who can read the API documentation.
Much less code. Before the ResourcesLoader API, the solution took more than 1,000 lines of code, now it has less than 50 lines of code, with the essential code down to just a few lines.
Forward compatibility. By using official public APIs that will continue to be supported by the Android team, the developer’s solution will have much better compatibility on the future Android platforms.
String sdkroot = getApplicationInfo().dataDir + "/lebian";
ResourcesLoader rl = new ResourcesLoader();
rl.addProvider(ResourcesProvider.loadFromDirectory(sdkroot, null));
Resources res = getResources();
res.addLoaders(rl);
final AssetManager assetManager = res.getAssets();
After moving to the new ResourcesLoader API, the essential code has just a few lines (down from hundreds of lines of code across a number of source files).
Improving performance
Excelliance Tech did a comparison test, loading 16,028 files (uncompressed 1.47GB, compressed 1.36GB) in 4 ways:
Load resources directly from APK
Load resources using non-SDK interfaces
Load APK using ResourcesLoader
Load resources directly from a directory using ResourcesLoader
Resources are compressed in option 1, 2 and 3, and the average loading times are around 19 seconds. Option 4 loads uncompressed resources directly from a directory using ResourcesLoader, the average loading time is about 3 seconds - a 6x performance improvement!
Summarizing the overall impact of ResourcesLoader, Huang Gao, CEO & Product Lead at Excelliance Tech, said “The new ResourcesLoader API dramatically reduces development and maintenance costs and allows us to focus more on product and business innovation."
Co-creating the future
The Excelliance Tech team.
"On the Android platform, we've created some valuable products and services, which makes us want to invest more to create innovative products", Excelliance Tech stated, "We hope to have more opportunities to participate in the building of the Android ecosystem and contribute our efforts to make a better Android both for consumers and developers."
Excelliance Tech made an investment for the long-term compatibility of the LeBian SDK. Moving to the ResourcesLoader API has already yielded stability and performance benefits, reduced the complexity of their code, and reduced risks of future compatibility issues as Android rolls out new versions of the platform. The ResourcesLoader API is part of Android 11’s public APIs, benefitting the entire Android developer community.
This blogpost is a collaboration between Google and Excelliance Tech. Authored by Zhuo Chen with support from Zhihai Wang, Gao Huang from Excelliance Tech.
Excelliance Tech improved the stability and compatibility of their LeBian SDK by moving away from non-SDK APIs, toward stable, official APIs. Their collaboration with the Android team during the process also led to a new public API for resource loading that all developers can use - the ResourcesLoader API in Android 11.
Helping game developers keep users engaged
Games are becoming increasingly complex, and a loading progress bar is not only a countdown to a new adventure, but also a bridge which connects players and developers.
Players want the game to load right away, so "loading" has its own priorities: resources that will be used in the first few minutes need to be packed into the APK, while the rest of the content can be downloaded in the background after the game starts.
Developers are always creating new content for their games, so "change" is the only constant: different campaigns bring different launch screens and themes, keeping the game experience fresh for players.
Excelliance Tech’s LeBian (乐变) game assets streaming service helps game developers meet players’ needs by loading fresh resources dynamically while the game is loading or being played.
Meteor, Butterfly And a Sword (流星群侠传) by NetEase Games, Duoduo Auto Chess (多多自走棋) by Dragonest Game, Langrisser (梦幻模拟战) by ZlongGames, Junior Three Kingdom 2 (少年三国志 2) by Yoozoo Games - these games are created by different developers and have different look and feel, but one thing they have in common: they all use LeBian game streaming service to load resources.
The resource loading technology is so useful that Excelliance Tech is even using it in the LeBian SDK itself, bringing a better experience for developers. Dynamic resource loading makes the SDK much easier to use. By dynamically updating its internal resources when needed, the library doesn’t require developers to update the SDK for new resources.
Before Android 11 introduced the ResourcesLoader API, Excelliance Tech had to build their dynamic resource loading capability the hard way, using non-SDK interfaces.
Building the initial product
When Excelliance was first building their product, Android did not offer public APIs for the dynamic resource loading use-case. The team did what they could, but ended up using non-SDK interfaces to add the external resources. While this met the technical need initially, the implementation was fragile - it depended on non-SDK interfaces, which don’t have the same compatibility guarantees as official SDK APIs and can change without notice.
As a result, Excelliance found that compatibility issues would surface unexpectedly as new versions of Android were released. These required additional testing and development to assure the stability of the product. Over many iterations, it took the Excelliance team six engineer-months and a lot of code to stabilize their solution, while knowing that it might break again in the next Android release. With Android tightening restrictions on non-SDK interfaces to achieve better stability and app compatibility, relying on those non-SDK interfaces became no longer an option.
Working toward a sustainable solution
As the Android team increased its focus on moving apps to public APIs, Excelliance saw an opportunity to migrate to a stronger foundation. They reached out to the Android team to give their feedback and highlighted their use case and need for public SDK APIs.
Over time, their collaboration led to the development of the ResourcesLoader public API that’s available for the first time in Android 11. Excelliance Tech has already moved to the new ResourcesLoader API and they’ve seen better productivity and product quality as a result. Excelliance believes the ResourcesLoader API provides advantages including the following:
Easy to use. The development team migrated the solution to the new API in 2 days, testing included.
No performance loss. In some cases, the loading speed even increased because ResourcesLoader can load uncompressed resources much faster.
Easy to develop. Before using the ResourcesLoader API, the team had to assign a senior engineer to 1) understand how AssetManager works, 2) find private APIs and find out how they work on different Android versions, 3) learn zip file structure, etc. Now it only takes a junior engineer who can read the API documentation.
Much less code. Before the ResourcesLoader API, the solution took more than 1,000 lines of code, now it has less than 50 lines of code, with the essential code down to just a few lines.
Forward compatibility. By using official public APIs that will continue to be supported by the Android team, the developer’s solution will have much better compatibility on the future Android platforms.
String sdkroot = getApplicationInfo().dataDir + "/lebian";
ResourcesLoader rl = new ResourcesLoader();
rl.addProvider(ResourcesProvider.loadFromDirectory(sdkroot, null));
Resources res = getResources();
res.addLoaders(rl);
final AssetManager assetManager = res.getAssets();
After moving to the new ResourcesLoader API, the essential code has just a few lines (down from hundreds of lines of code across a number of source files).
Improving performance
Excelliance Tech did a comparison test, loading 16,028 files (uncompressed 1.47GB, compressed 1.36GB) in 4 ways:
Load resources directly from APK
Load resources using non-SDK interfaces
Load APK using ResourcesLoader
Load resources directly from a directory using ResourcesLoader
Resources are compressed in option 1, 2 and 3, and the average loading times are around 19 seconds. Option 4 loads uncompressed resources directly from a directory using ResourcesLoader, the average loading time is about 3 seconds - a 6x performance improvement!
Summarizing the overall impact of ResourcesLoader, Huang Gao, CEO & Product Lead at Excelliance Tech, said “The new ResourcesLoader API dramatically reduces development and maintenance costs and allows us to focus more on product and business innovation."
Co-creating the future
The Excelliance Tech team.
"On the Android platform, we've created some valuable products and services, which makes us want to invest more to create innovative products", Excelliance Tech stated, "We hope to have more opportunities to participate in the building of the Android ecosystem and contribute our efforts to make a better Android both for consumers and developers."
Excelliance Tech made an investment for the long-term compatibility of the LeBian SDK. Moving to the ResourcesLoader API has already yielded stability and performance benefits, reduced the complexity of their code, and reduced risks of future compatibility issues as Android rolls out new versions of the platform. The ResourcesLoader API is part of Android 11’s public APIs, benefitting the entire Android developer community.
This blogpost is a collaboration between Google and Excelliance Tech. Authored by Zhuo Chen with support from Zhihai Wang, Gao Huang from Excelliance Tech.
Excelliance Tech improved the stability and compatibility of their LeBian SDK by moving away from non-SDK APIs, toward stable, official APIs. Their collaboration with the Android team during the process also led to a new public API for resource loading that all developers can use - the ResourcesLoader API in Android 11.
Helping game developers keep users engaged
Games are becoming increasingly complex, and a loading progress bar is not only a countdown to a new adventure, but also a bridge which connects players and developers.
Players want the game to load right away, so "loading" has its own priorities: resources that will be used in the first few minutes need to be packed into the APK, while the rest of the content can be downloaded in the background after the game starts.
Developers are always creating new content for their games, so "change" is the only constant: different campaigns bring different launch screens and themes, keeping the game experience fresh for players.
Excelliance Tech’s LeBian (乐变) game assets streaming service helps game developers meet players’ needs by loading fresh resources dynamically while the game is loading or being played.
Meteor, Butterfly And a Sword (流星群侠传) by NetEase Games, Duoduo Auto Chess (多多自走棋) by Dragonest Game, Langrisser (梦幻模拟战) by ZlongGames, Junior Three Kingdom 2 (少年三国志 2) by Yoozoo Games - these games are created by different developers and have different look and feel, but one thing they have in common: they all use LeBian game streaming service to load resources.
The resource loading technology is so useful that Excelliance Tech is even using it in the LeBian SDK itself, bringing a better experience for developers. Dynamic resource loading makes the SDK much easier to use. By dynamically updating its internal resources when needed, the library doesn’t require developers to update the SDK for new resources.
Before Android 11 introduced the ResourcesLoader API, Excelliance Tech had to build their dynamic resource loading capability the hard way, using non-SDK interfaces.
Building the initial product
When Excelliance was first building their product, Android did not offer public APIs for the dynamic resource loading use-case. The team did what they could, but ended up using non-SDK interfaces to add the external resources. While this met the technical need initially, the implementation was fragile - it depended on non-SDK interfaces, which don’t have the same compatibility guarantees as official SDK APIs and can change without notice.
As a result, Excelliance found that compatibility issues would surface unexpectedly as new versions of Android were released. These required additional testing and development to assure the stability of the product. Over many iterations, it took the Excelliance team six engineer-months and a lot of code to stabilize their solution, while knowing that it might break again in the next Android release. With Android tightening restrictions on non-SDK interfaces to achieve better stability and app compatibility, relying on those non-SDK interfaces became no longer an option.
Working toward a sustainable solution
As the Android team increased its focus on moving apps to public APIs, Excelliance saw an opportunity to migrate to a stronger foundation. They reached out to the Android team to give their feedback and highlighted their use case and need for public SDK APIs.
Over time, their collaboration led to the development of the ResourcesLoader public API that’s available for the first time in Android 11. Excelliance Tech has already moved to the new ResourcesLoader API and they’ve seen better productivity and product quality as a result. Excelliance believes the ResourcesLoader API provides advantages including the following:
Easy to use. The development team migrated the solution to the new API in 2 days, testing included.
No performance loss. In some cases, the loading speed even increased because ResourcesLoader can load uncompressed resources much faster.
Easy to develop. Before using the ResourcesLoader API, the team had to assign a senior engineer to 1) understand how AssetManager works, 2) find private APIs and find out how they work on different Android versions, 3) learn zip file structure, etc. Now it only takes a junior engineer who can read the API documentation.
Much less code. Before the ResourcesLoader API, the solution took more than 1,000 lines of code, now it has less than 50 lines of code, with the essential code down to just a few lines.
Forward compatibility. By using official public APIs that will continue to be supported by the Android team, the developer’s solution will have much better compatibility on the future Android platforms.
String sdkroot = getApplicationInfo().dataDir + "/lebian";
ResourcesLoader rl = new ResourcesLoader();
rl.addProvider(ResourcesProvider.loadFromDirectory(sdkroot, null));
Resources res = getResources();
res.addLoaders(rl);
final AssetManager assetManager = res.getAssets();
After moving to the new ResourcesLoader API, the essential code has just a few lines (down from hundreds of lines of code across a number of source files).
Improving performance
Excelliance Tech did a comparison test, loading 16,028 files (uncompressed 1.47GB, compressed 1.36GB) in 4 ways:
Load resources directly from APK
Load resources using non-SDK interfaces
Load APK using ResourcesLoader
Load resources directly from a directory using ResourcesLoader
Resources are compressed in option 1, 2 and 3, and the average loading times are around 19 seconds. Option 4 loads uncompressed resources directly from a directory using ResourcesLoader, the average loading time is about 3 seconds - a 6x performance improvement!
Summarizing the overall impact of ResourcesLoader, Huang Gao, CEO & Product Lead at Excelliance Tech, said “The new ResourcesLoader API dramatically reduces development and maintenance costs and allows us to focus more on product and business innovation."
Co-creating the future
The Excelliance Tech team.
"On the Android platform, we've created some valuable products and services, which makes us want to invest more to create innovative products", Excelliance Tech stated, "We hope to have more opportunities to participate in the building of the Android ecosystem and contribute our efforts to make a better Android both for consumers and developers."
Excelliance Tech made an investment for the long-term compatibility of the LeBian SDK. Moving to the ResourcesLoader API has already yielded stability and performance benefits, reduced the complexity of their code, and reduced risks of future compatibility issues as Android rolls out new versions of the platform. The ResourcesLoader API is part of Android 11’s public APIs, benefitting the entire Android developer community.
This blog post is part of a weekly series for #11WeeksOfAndroid. For each #11WeeksOfAndroid, we’re diving into a key area so you don’t miss anything. This week, we’re spotlighting Android 11 compatibility; here’s a look at what you should know.
Android 11 compatibility week
This week in 11 Weeks of Android, we’re highlighting Android 11 Compatibility, a theme that’s important for all developers. For Android, the term app compatibility means that your app runs properly on a specific version of Android, typically the latest version.
We’re sharing resources to help you with compatibility testing here, and you can follow Android Developers on Twitter and Youtube to catch helpful content and materials in this area all this week!
Making app compatibility easier in Android 11
With each release, we’re working to reduce the work you’ll need to do to get your apps ready. In Android 11, we’ve added new processes, developer tools, and release milestones to minimize the impact of platform updates and make it easier for apps to stay compatible.
Minimizing the impact of behavior changes - we’re making a conscious effort to minimize platform changes that could affect apps by making them opt-in, wherever possible, until you set targetSdkVersion to Android 11 in your app. If you are distributing through Google Play, you’ll have more than a year to opt-in to these changes.
Easier testing and debugging - To help you test for compatibility, we’ve made many of the breaking changes toggleable - meaning that you can force-enable or disable the changes individually from Developer options or adb. With this change, there’s no longer a need to change targetSdkVersion or recompile your app for basic testing. We've also made it easier to use Android Studio to run automated tests.
Restrictions on non-SDK interfaces - as part of our ongoing effort to gradually move developers away from non-SDK APIs, we’ve updated the lists of restricted non-SDK interfaces, and as always your feedback and requests for public API equivalents are welcome.
Dynamic resource loader - As part of their migration away from non-SDK interfaces, developers asked us for a public API to load resources and assets dynamically at runtime. We’ve now added a Resource Loader framework in Android 11, and thank you to the developers who gave us this input!
You’ll hear more about these topics throughout the week. To get things started, read on to learn more about how we're making it easier to test and debug your app in Android 11.
Testing on Android 11
Testing your app for a new Android release can be a challenging task, especially when your app might be affected by multiple platform changes. Many questions can come up:
How do you determine which areas of your app might be affected?
Should you test by changing the targetSDKVersion, and what’s the easiest way to do so?
Once you begin testing, how do you isolate the issues that are causing problems?
As you develop and test against the latest version of Android, how do you verify that your app continues to provide a seamless experience across other devices with different form factors and lower API levels?
We've gotten a lot of great feedback from our developer community about these and other questions. In Android 11, we've added new tools to the platform and new features to Android Studio that can make the testing process a little easier for you.
New tools for testing platform changes
Like previous releases, Android 11 includes some changes in the Android platform that may impact your apps. Although these changes are critical to improve the platform, we try to minimize the immediate change to your apps by putting as many changes as possible behind the platform's latest targetSDKVersion. In Android 11, we've also added many of these platform changes to a new compatibility framework.
What is the compatibility framework?
When a change is part of the compatibility framework, you can access new developer tools that help you test and debug your app against that change.
For instance, changes that are part of the compatibility framework are toggleable, so you can force-enable or disable the changes individually, either from a device's developer options or using ADB (Android Debug Bridge). The Android platform automatically adapts its internal API logic, so you don't need to change your targetSDKVersion or recompile your app to perform basic testing. In addition, you can isolate individual changes from each other to lower the amount of time it takes to discover and debug issues in your app.
Choosing a change to test against
Before you start toggling changes on or off, you should read through the lists of behavior changes to determine which changes might affect your app. Changes that are part of the compatibility framework have a corresponding Change ID and Change Name listed before the description of the change.
Generally, we recommend that you start testing with behavior changes that affect all apps because those changes can potentially affect your app regardless of targetSDKVersion. However, let's take a look at a change that is gated by targetSDKVersion so that you can see how to test against these changes without recompiling your app with a different target SDK.
Take a look at the change to background location access. This change affects apps that request all-the-time access to background location. If your app is affected by this change, it might be a great candidate to start testing with. The change's name is BACKGROUND_RATIONALE_CHANGE_ID and the change's ID is 147316723. You'll use this information to enable this change before you test your app against it.
Isolate the change
After deciding which change you want to test against, you can toggle that change on or off using the developer options. To get to the developer options, open your device's Settings app and navigate to System > Advanced > Developer options > App Compatibility Changes.
Toggleable platform changes in the developer options with the background location access change enabled
In this case, the BACKGROUND_RATIONALE_CHANGE_ID is the only change that is enabled to minimize scope of possible causes for any issues that your app might encounter.
After enabling a change, you can test and debug your app using your typical testing workflows. If you encounter issues, check your logs to help determine the cause of the problem. If it's not clear whether the problem is caused by the platform change that's enabled, try disabling that change and then retest that area of your app.
New tools in Android Studio for testing app compatibility
In addition to manual testing on the new platform, we’ve also made it easier to use Android Studio to run automated tests on the latest OS.
Starting in Android Studio 4.2, instrumentation tests can now be run across multiple physical or virtual devices in parallel. When running tests, there’s now the option to select Multiple Devices in the target device dropdown menu.
This feature is designed to help you catch issues as early as possible in your development cycle and allow you to compare differences between different builds of Android. The results of these tests can be investigated using a new Test Matrix under View > Tool Windows > Run.
The new Test Matrix lets you filter your test results by status, device, and API level.
We encourage you to try out these new tools and send us feedback about how they're working for you. We hope these tools help make it easier for you to test your app for Android 11.
Also, the Android engineering team will host a Reddit AMA on r/androiddev thursday, July 9 at 12:00PM PST, to answer your technical questions about Android 11. See this post for details and to submit your questions.
This blogpost is a collaboration between Google and Viber. Authored by Kseniia Shumelchyk from Google and Anton Novikov, Sergey Kozlov from Viber.
As a messaging app, Viber needs to store, process and share a significant amount of data. Viber aims to give its users an easy, fast, reliable and secure communication platform by providing an intuitive interface and operating with files in a privacy-preserving way. We believe the modern scoped storage paradigm provides this foundation for app developers and users.
Scoped storage was introduced in Android 10 with further improvements in Android 11 to provide better protection to app and user data on a platform level. Due to Viber's complexity, the team opted to incrementally implement the changes that were required to comply with scoped storage.
In this article, we’ll share how Viber handled the migration to scoped storage, focusing on what they did to optimize working with media files and other data in the app.
Managing storage across Android versions
Android’s storage model has evolved to adapt to changing privacy considerations, leading to the changes in the storage system APIs. Let’s take a look at key platform changes that affected the legacy Viber implementation.
Media directories
Scoped storage changes the way that apps store and access files on a device's external storage. Viber needed to evaluate the differences between the existing app's storage model and updated platform guidelines, followed by gradual application changes to work with files in scoped storage. Therefore Viber invoked the requestLegacyExternalStorage flag to temporarily opt-out of scoped storage on Android 10 until the app was fully compatible.
In order to adjust their app experience to scoped storage, Viber now contributes public media files to well-defined media collections using the MediaStore API. This way, the files are accessible in a device gallery, and can be read by other apps with the storage permission. Private media files are stored in the app-specific directory on external storage and are accessed via the internal ContentProvider.
Storage permissions
The other notable update is related to changes in the storage permissions model: Apps in scoped storage have unrestricted access to their app-specific directories on external storage and can contribute to well-defined media collections without requesting a runtime permission. This change will help Viber provide more granular control to their users:
“This addition supports our efforts to provide our users with the best security and privacy solutions we can provide supported by the Android OS, users will benefit from this added security later without needing to opt-in. We also added a new ‘Save to gallery’ option allowing users to choose to make their photos readable by other apps or not. Because chats may contain private images or videos, it’s important to give users the ability to hide these files from the gallery. This change gives users additional control over the content included in their Viber messages.“ said Anton Novikov and Sergey Kozlov from Viber.
Accessing files outside of app-specific directory
Previously, Viber created and consumed files in a custom top level directory and depended on file path access. With scoped storage, saving app files to a top level directory became an anti-pattern, so Viber has followed best practices to update their implementation to store media files from the chats only in locations that are accessible in scoped storage.
However, to reduce the complexity of migration, Viber decided to keep their own top level directory for Android 10 and below, storing only the media files that are not exposed to the device’s Gallery app, while for Android 11 and above this directory is used in read-only mode to provide backward compatibility.
Another use case that Viber has been refining is sharing files in the chats. The updated storage runtime permission gives read access only to the images, videos and audio files that are available through MediaProvider. Starting from Android 11, the only way for Viber to access non-media files created by other apps is by using the Storage Access Framework document picker, which they had already utilized in a different part of their app.
App-specific files within external storage
In the scoped storage environment, app-specific directories on external storage are becoming private from other apps. This change has helped Viber leverage its use of external storage for storing private user files:
”We find change to app-specific directories to be useful, because it will help to ensure that personal chats are protected and backed with platform security.” said Anton Novikov from Viber. Learn more about how to access app-specific files.
Single interface to access storage
Because Viber targets a large audience running on Android 4.2 and above, they introduced an abstraction layer that aids them in managing storage access efficiently across all supported Android versions and with their use cases in mind.
Previously, Viber heavily used File API to access files, including files in legacy storage locations. Further, they stored absolute file paths for entries in the local database to keep the user's conversation history.
To standardize access to this conversation history and thus ensure that users don’t lose access to their files, Viber replaced absolute file paths with content URIs. In the new implementation, the app is accessing files only via content providers:
Internal FileProvider for Viber app-specific directories.
External file providers available in the Android framework, such as MediaStore or Storage Access Framework, or those belong to another app that shares files with Viber through Intent.ACTION_SEND.
By using a consistent ContentProvider layer, the ContentResolver gives the app a unified interface to access the file content.
This approach has also helped Viber optimize the network layer and define a universal Loader abstraction to upload/fetch and to read/store different types of media files like voice messages, chat images and stickers.
Summary
Android 11 further enhances scoped storage, which provides better protection of app and user data and makes the transition easier for developers. It’s amazing to see many apps like Viber are migrating to take advantage of scoped storage since Android 10.
We hope Viber’s story is useful and will inspire you to modernize your Android apps as well. Learn more about Android storage use cases and best practices.
In Android 11 we continue to increase the security of the Android platform. We have moved to safer default settings, migrated to a hardened memory allocator, and expanded the use of compiler mitigations that defend against classes of vulnerabilities and frustrate exploitation techniques.
Initializing memory
We’ve enabled forms of automatic memory initialization in both Android 11’s userspace and the Linux kernel. Uninitialized memory bugs occur in C/C++ when memory is used without having first been initialized to a known safe value. These types of bugs can be confusing, and even the term “uninitialized” is misleading. Uninitialized may seem to imply that a variable has a random value. In reality it isn’t random. It has whatever value was previously placed there. This value may be predictable or even attacker controlled. Unfortunately this behavior can result in a serious vulnerability such as information disclosure bugs like ASLR bypasses, or control flow hijacking via a stack or heap spray. Another possible side effect of using uninitialized values is advanced compiler optimizations may transform the code unpredictably, as this is considered undefined behavior by the relevant C standards.
In practice, uses of uninitialized memory are difficult to detect. Such errors may sit in the codebase unnoticed for years if the memory happens to be initialized with some "safe" value most of the time. When uninitialized memory results in a bug, it is often challenging to identify the source of the error, particularly if it is rarely triggered.
Eliminating an entire class of such bugs is a lot more effective than hunting them down individually. Automatic stack variable initialization relies on a feature in the Clang compiler which allows choosing initializing local variables with either zeros or a pattern.
Initializing to zero provides safer defaults for strings, pointers, indexes, and sizes. The downsides of zero init are less-safe defaults for return values, and exposing fewer bugs where the underlying code relies on zero initialization. Pattern initialization tends to expose more bugs and is generally safer for return values and less safe for strings, pointers, indexes, and sizes.
Initializing Userspace:
Automatic stack variable initialization is enabled throughout the entire Android userspace. During the development of Android 11, we initially selected pattern in order to uncover bugs relying on zero init and then moved to zero-init after a few months for increased safety. Platform OS developers can build with `AUTO_PATTERN_INITIALIZE=true m` if they want help uncovering bugs relying on zero init.
Initializing the Kernel:
Automatic stack and heap initialization were recently merged in the upstream Linux kernel. We have made these features available on earlier versions of Android’s kernel including 4.14, 4.19, and 5.4. These features enforce initialization of local variables and heap allocations with known values that cannot be controlled by attackers and are useless when leaked. Both features result in a performance overhead, but also prevent undefined behavior improving both stability and security.
For kernel stack initialization we adopted the CONFIG_INIT_STACK_ALL from upstream Linux. It currently relies on Clang pattern initialization for stack variables, although this is subject to change in the future.
Heap initialization is controlled by two boot-time flags, init_on_alloc and init_on_free, with the former wiping freshly allocated heap objects with zeroes (think s/kmalloc/kzalloc in the whole kernel) and the latter doing the same before the objects are freed (this helps to reduce the lifetime of security-sensitive data). init_on_alloc is a lot more cache-friendly and has smaller performance impact (within 2%), therefore it has been chosen to protect Android kernels.
Scudo is now Android's default native allocator
In Android 11, Scudo replaces jemalloc as the default native allocator for Android. Scudo is a hardened memory allocator designed to help detect and mitigate memory corruption bugs in the heap, such as:
Scudo does not fully prevent exploitation but it does add a number of sanity checks which are effective at strengthening the heap against some memory corruption bugs.
It also proactively organizes the heap in a way that makes exploitation of memory corruption more difficult, by reducing the predictability of the allocation patterns, and separating allocations by sizes.
In our internal testing, Scudo has already proven its worth by surfacing security and stability bugs that were previously undetected.
Finding Heap Memory Safety Bugs in the Wild (GWP-ASan)
Android 11 introduces GWP-ASan, an in-production heap memory safety bug detection tool that's integrated directly into the native allocator Scudo. GWP-ASan probabilistically detects and provides actionable reports for heap memory safety bugs when they occur, works on 32-bit and 64-bit processes, and is enabled by default for system processes and system apps.
GWP-ASan is also available for developer applications via a one line opt-in in an app's AndroidManifest.xml, with no complicated build support or recompilation of prebuilt libraries necessary.
KernelAddressSANitizer (KASAN) is a dynamic memory error detector designed to find out-of-bound and use-after-free bugs in the Linux kernel. Its Software Tag-Based mode is a software implementation of the memory tagging concept for the kernel. Software Tag-Based KASAN is available in 4.14, 4.19 and 5.4 Android kernels, and can be enabled with the CONFIG_KASAN_SW_TAGS kernel configuration option. Currently Tag-Based KASAN only supports tagging of slab memory; support for other types of memory (such as stack and globals) will be added in the future.
Compared to Generic KASAN, Tag-Based KASAN has significantly lower memory requirements (see this kernel commit for details), which makes it usable on dog food testing devices. Another use case for Software Tag-Based KASAN is checking the existing kernel code for compatibility with memory tagging. As Tag-Based KASAN is based on similar concepts as the future in-kernel MTE support, making sure that kernel code works with Tag-Based KASAN will ease in-kernel MTE integration in the future.
Expanding existing compiler mitigations
We’ve continued to expand the compiler mitigations that have been rolled out in priorreleases as well. This includes adding both integer and bounds sanitizers to some core libraries that were lacking them. For example, the libminikin fonts library and the libui rendering library are now bounds sanitized. We’ve hardened the NFC stack by implementing both integer overflow sanitizer and bounds sanitizer in those components.
In addition to the hard mitigations like sanitizers, we also continue to expand our use of CFI as an exploit mitigation. CFI has been enabled in Android’s networking daemon, DNS resolver, and more of our core javascript libraries like libv8 and the PacProcessor.
The effectiveness of our software codec sandbox
Prior to the Release of Android 10 we announced a new constrained sandbox for software codecs. We’re really pleased with the results. Thus far, Android 10 is the first Android release since the infamous stagefright vulnerabilities in Android 5.0 with zero critical-severity vulnerabilities in the media frameworks.
Thank you to Jeff Vander Stoep, Alexander Potapenko, Stephen Hines, Andrey Konovalov, Mitch Phillips, Ivan Lozano, Kostya Kortchinsky, Christopher Ferris, Cindy Zhou, Evgenii Stepanov, Kevin Deus, Peter Collingbourne, Elliott Hughes, Kees Cook and Ken Chen for their contributions to this post.
For example, if you are currently using Android Gradle plugin version 4.0.0, you can upgrade the version in your project-level build.gradle file:
