Response From Vendor: the Notes You Input Into Is Dangerous
Like earlier releases, Android 12 includes behavior changes that may affect your app. The following behavior changes apply exclusively to apps that are targeting Android 12 or higher. If your app is targeting Android 12, you should modify your app to support these behaviors properly, where applicable.
Be sure to also review the list of behavior changes that affect all apps running on Android 12.
User experience
Custom notifications
Android 12 changes the appearance and behavior of fully custom notifications. Previously, custom notifications were able to use the entire notification area and provide their own layouts and styles. This resulted in anti-patterns that could confuse users or cause layout compatibility issues on different devices.
For apps targeting Android 12, notifications with custom content views will no longer use the full notification surface area; instead, the system applies a standard template. This template ensures that custom notifications have the same decoration as other notifications in all states, such as the notification's icon and expansion affordances (in the collapsed state) and the notification's icon, app name, and collapse affordance (in the expanded state). This behavior is virtually identical to the behavior of Notification.DecoratedCustomViewStyle.
In this way, Android 12 makes all notifications visually consistent and easy to scan, with a discoverable, familiar notification expansion for users.
The following illustration shows a custom notification in the standard template:
The following examples show how custom notifications would render in a collapsed and an expanded state:
The change in Android 12 affects apps that define custom subclasses of Notification.Style, or which use Notification.Builder's methods setCustomContentView(RemoteViews), setCustomBigContentView(RemoteViews), and setCustomHeadsUpContentView(RemoteViews).
If your app is using fully custom notifications, we recommend testing with the new template as soon as possible.
- Enable the custom notifications change:
  - Change your app's targetSdkVersion to S to enable the new behavior.
  - Recompile.
  - Install your app on a device or emulator running Android 12.
- Test all notifications that use custom views, ensuring they look as you expect in the shade. While testing, take these considerations into account and make the necessary adjustments:
  - The dimensions of custom views have changed. In general, the height afforded to custom notifications is less than before. In the collapsed state, the maximum height of the custom content has decreased from 106dp to 48dp. Also, there is less horizontal space.
  - All notifications are expandable for apps targeting Android 12. Typically, this means if you're using setCustomContentView, you'll also want to use setCustomBigContentView to make sure collapsed and expanded states are consistent.
  - To make sure that the "Heads Up" state looks as you expect, don't forget to raise the importance of the notification channel to "HIGH" (Pops on screen).
Android App Links verification changes
On apps that target Android 12 or higher, the system makes several changes to how Android App Links are verified. These changes improve the reliability of the app-linking experience and provide more control to app developers and end users.
If you rely on Android App Link verification to open web links in your app, check that you use the correct format when you add intent filters for Android App Link verification. In particular, make sure that these intent filters include the BROWSABLE category and support the https scheme.
You can also manually verify your app's links to test the reliability of your declarations.
Picture-in-picture behavior improvements
Android 12 introduces behavior improvements for picture-in-picture (PiP) mode. See Picture-in-picture improvements for more information.
Toast redesign
In Android 12, the toast view has been redesigned. Toasts are now limited to two lines of text and show the application icon next to the text.
See Toasts overview for further details.
Security and privacy
Approximate location
On devices that run Android 12 or higher, users can request approximate location accuracy for your app.
Modern SameSite cookies in WebView
Android's WebView component is based on Chromium, the open source project that powers Google's Chrome browser. Chromium introduced changes to the handling of third-party cookies to provide more security and privacy and offer users more transparency and control. Starting in Android 12, these changes are also included in WebView when apps target Android 12 (API level 31) or higher.
The SameSite attribute of a cookie controls whether it can be sent with any requests, or only with same-site requests. The following privacy-protecting changes improve the default handling of third-party cookies and help protect against unintended cross-site sharing:
- Cookies without a SameSite attribute are treated as SameSite=Lax.
- Cookies with SameSite=None must also specify the Secure attribute, meaning they require a secure context and should be sent over HTTPS.
- Links between HTTP and HTTPS versions of a site are now treated as cross-site requests, so cookies are not sent unless they are appropriately marked as SameSite=None; Secure.
For developers, the general guidance is to identify the cross-site cookie dependencies in your critical user flows and ensure that the SameSite attribute is explicitly set with the appropriate values where needed. You must explicitly specify the cookies that are allowed to work across websites or across same-site navigations that move from HTTP to HTTPS.
For complete guidance for web developers on these changes, see SameSite Cookies Explained and Schemeful SameSite.
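The three rules above, applied to Set-Cookie values, as an added example that is not part of the original page or of Chromium: it reports the effective SameSite policy of a cookie and whether the cookie would accompany a given request. The function names, cookie values and URLs are constructed, and the registrable domain is approximated by the last two host labels.

```python
from urllib.parse import urlsplit

SAFE_METHODS = ("GET", "HEAD", "OPTIONS", "TRACE")

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, attributes); attribute names lowercased."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs

def effective_samesite(header):
    """Return 'Strict', 'Lax', 'None' or 'rejected' under the modern defaults."""
    _, attrs = parse_set_cookie(header)
    value = attrs.get("samesite", "").lower()
    if value == "none":
        # SameSite=None is only accepted together with Secure.
        return "None" if "secure" in attrs else "rejected"
    if value == "strict":
        return "Strict"
    return "Lax"  # a missing or unrecognised attribute is treated as Lax

def site_of(url):
    """Schemeful site: (scheme, registrable domain).
    Assumption: the last two host labels stand in for the registrable domain;
    production code should consult the Public Suffix List."""
    parts = urlsplit(url)
    return parts.scheme, ".".join(parts.hostname.split(".")[-2:])

def cookie_sent(header, initiator, target, top_level_nav=False, method="GET"):
    """Would a cookie set with `header` accompany a request from initiator to target?
    Chromium's temporary Lax+POST allowance for freshly set cookies is not modelled."""
    policy = effective_samesite(header)
    if policy == "rejected":
        return False
    _, attrs = parse_set_cookie(header)
    if "secure" in attrs and urlsplit(target).scheme != "https":
        return False  # Secure cookies only travel over HTTPS
    if site_of(initiator) == site_of(target):
        return True   # same scheme and same site
    if policy == "None":
        return True
    if policy == "Lax":
        # Lax cookies cross sites only on top-level navigations with a safe method.
        return top_level_nav and method.upper() in SAFE_METHODS
    return False      # Strict

if __name__ == "__main__":
    # Constructed login flow: insecure cart page posts to a secure checkout page.
    legacy = "session=abc123; Path=/"
    print(effective_samesite(legacy))
    print(cookie_sent(legacy, "http://shop.example/cart",
                      "https://shop.example/checkout",
                      top_level_nav=True, method="POST"))
    # Constructed embedded-content case: widget cookie in a third-party frame.
    print(cookie_sent("widget=1; SameSite=None; Secure",
                      "https://news.example/", "https://embed.example/frame"))
```

Running a service's real Set-Cookie values through such a check before testing on a device shows which flows depend on cookies that will no longer be sent.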
Test SameSite behaviors in your app
If your app uses WebView, or if you manage a website or service that uses cookies, we recommend testing your flows on Android 12 WebView. If you notice issues, you might need to update your cookies to support the new SameSite behaviors.
Watch for issues in logins and embedded content, as well as sign-in flows, purchasing, and other authentication flows where the user starts on an insecure page and transitions to a secure page.
To test an app with WebView, you must enable the new SameSite behaviors for the app that you want to test by completing either of the following steps:
- Manually enable SameSite behaviors on the test device by toggling the UI flag webview-enable-modern-cookie-same-site in the WebView devtools.
  This approach lets you test on any device running Android 5.0 (API level 21) or higher, including Android 12, and WebView version 89.0.4385.0 or higher.
- Compile your app to target Android 12 (API level 31) by targetSdkVersion.
  If you use this approach, you must use a device that runs Android 12.
For information on remote debugging for WebView on Android, see Get Started with Remote Debugging Android Devices.
Other resources
For more information about the SameSite modern behaviors and rollout to Chrome and WebView, visit the Chromium SameSite Updates page. If you find a bug in WebView or Chromium, you can report it in the public Chromium issue tracker.
Motion sensors are rate-limited
To protect potentially sensitive information about users, if your app targets Android 12 or higher, the system places a limit on the refresh rate of data from certain motion sensors and position sensors.
Learn more about sensor rate-limiting.
App hibernation
Android 12 expands upon the permissions auto-reset behavior that was introduced in Android 11 (API level 30). If your app targets Android 12 and the user doesn't interact with your app for a few months, the system auto-resets any granted permissions and places your app in a hibernation state.
Learn more in the guide about app hibernation.
Attribution declaration in data access auditing
The data access auditing API, introduced in Android 11 (API level 30), allows you to create attribution tags based on your app's use cases. These tags make it easier for you to determine which part of your app performs a specific type of data access.
If your app targets Android 12 or higher, you must declare these attribution tags in your app's manifest file.
ADB backup restriction
To help protect private app data, Android 12 changes the default behavior of the adb backup command. For apps that target Android 12 (API level 31) or higher, when a user runs the adb backup command, app data is excluded from any other system data that is exported from the device.
If your testing or development workflows rely on app data using adb backup, you can now opt in to exporting your app's data by setting android:debuggable to true in your app's manifest file.
Safer component exporting
If your app targets Android 12 or higher and contains activities, services, or broadcast receivers that use intent filters, you must explicitly declare the android:exported attribute for these app components.
If the app component includes the LAUNCHER category, set android:exported to true. In most other cases, set android:exported to false.
The following code snippet shows an example of a service that contains an intent filter whose android:exported attribute is set to false:
<service android:name="com.example.app.backgroundService"
         android:exported="false">
    <intent-filter>
        <action android:name="com.example.app.START_BACKGROUND" />
    </intent-filter>
</service>
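The rule above as a pre-build manifest check, added here as an example (not code from the original page or from the Android tooling): it reports components with intent filters that omit android:exported, and lists non-LAUNCHER components exported as true so they can be reviewed. The sample manifest, component names and finding labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
EXPORTED = f"{{{ANDROID_NS}}}exported"
NAME = f"{{{ANDROID_NS}}}name"
LAUNCHER = "android.intent.category.LAUNCHER"
# Component types named in the section above.
COMPONENT_TAGS = ("activity", "service", "receiver")

# Constructed sample manifest (not from the original page).
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.app">
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN" />
        <category android:name="android.intent.category.LAUNCHER" />
      </intent-filter>
    </activity>
    <service android:name=".backgroundService">
      <intent-filter>
        <action android:name="com.example.app.START_BACKGROUND" />
      </intent-filter>
    </service>
    <receiver android:name=".SyncReceiver" android:exported="true">
      <intent-filter>
        <action android:name="com.example.app.SYNC" />
      </intent-filter>
    </receiver>
    <activity android:name=".SettingsActivity" />
  </application>
</manifest>
"""

def audit_exported(manifest_xml):
    """Return (tag, name, finding) tuples for components that have intent filters.

    finding is one of:
      "missing"               - no android:exported; fails when targeting Android 12
      "review"                - exported="true" without the LAUNCHER category
      "launcher-not-exported" - LAUNCHER component with exported="false"
    """
    findings = []
    root = ET.fromstring(manifest_xml)
    for app in root.iter("application"):
        for comp in app:
            if comp.tag not in COMPONENT_TAGS:
                continue
            filters = comp.findall("intent-filter")
            if not filters:
                continue  # the requirement only covers components with filters
            name = comp.get(NAME, "?")
            exported = comp.get(EXPORTED)
            is_launcher = any(
                cat.get(NAME) == LAUNCHER
                for flt in filters
                for cat in flt.findall("category")
            )
            if exported is None:
                findings.append((comp.tag, name, "missing"))
            elif exported == "true" and not is_launcher:
                findings.append((comp.tag, name, "review"))
            elif exported == "false" and is_launcher:
                findings.append((comp.tag, name, "launcher-not-exported"))
    return findings

if __name__ == "__main__":
    for tag, name, finding in audit_exported(SAMPLE_MANIFEST):
        print(f"{finding:22} <{tag}> {name}")
```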
Messages in Android Studio
If your app contains an activity, service, or broadcast receiver that uses intent filters but doesn't declare android:exported, the following warning messages appear, depending on the version of Android Studio that you use:
Android Studio 2020.3.1 Canary 11 or later
The following messages appear:
- The following lint warning appears in your manifest file:
  When using intent filters, please specify android:exported as well
- When you attempt to compile your app, the following build error message appears:
  Manifest merger failed : Apps targeting Android 12 and higher are required \
  to specify an explicit value for android:exported when the corresponding \
  component has an intent filter defined.
Older versions of Android Studio
If you try to install the app, Logcat displays the following error message:
Installation did not succeed.
The application could not be installed: INSTALL_FAILED_VERIFICATION_FAILURE
List of apks:
[0] '.../build/outputs/apk/debug/app-debug.apk'
Installation failed due to: 'null'
Pending intents mutability
If your app targets Android 12, you must specify the mutability of each PendingIntent object that your app creates. This additional requirement improves your app's security.
Test the pending intent mutability change
To determine whether your app is missing mutability declarations, look for the following lint warning in Android Studio:
Warning: Missing PendingIntent mutability flag [UnspecifiedImmutableFlag]
Unsafe intent launches
To improve platform security, Android 12 and higher provide a debugging feature that detects unsafe launches of intents. When the system detects such an unsafe launch, a StrictMode violation occurs.
Performance
Foreground service launch restrictions
Apps that target Android 12 or higher can't start foreground services while running in the background, except for a few special cases. If an app attempts to start a foreground service while running in the background, an exception occurs (except for the few special cases).
Consider using WorkManager to schedule and start expedited work while your app runs in the background. To complete time-sensitive actions that the user requests, start foreground services within an exact alarm.
Exact alarm permission
To encourage apps to conserve system resources, apps that target Android 12 and higher and set exact alarms must have access to the "Alarms & reminders" capability that appears within the Special app access screen in system settings.
To obtain this special app access, request the SCHEDULE_EXACT_ALARM permission in the manifest.
Exact alarms should only be used for user-facing features. Learn more about the acceptable use cases for setting an exact alarm.
Disable the behavior change
As you prepare your app to target Android 12, you can temporarily disable the behavior change in your debuggable build variant for testing purposes. To do so, complete one of the following tasks:
- In the Developer options setting screen, select App Compatibility Changes. On the screen that appears, tap on your app's name, then turn off REQUIRE_EXACT_ALARM_PERMISSION.
- In a terminal window on your development machine, run the following command:
  adb shell am compat disable REQUIRE_EXACT_ALARM_PERMISSION PACKAGE_NAME
Notification trampoline restrictions
When users interact with notifications, some apps respond to notification taps by launching an app component that eventually starts the activity that the user finally sees and interacts with. This app component is known as a notification trampoline.
To improve app performance and UX, apps that target Android 12 or higher can't start activities from services or broadcast receivers that are used as notification trampolines. In other words, after the user taps on a notification, or an action button within the notification, your app cannot call startActivity() inside of a service or broadcast receiver.
When your app tries to start an activity from a service or broadcast receiver that acts as a notification trampoline, the system prevents the activity from starting, and the following message appears in Logcat:
Indirect notification activity start (trampoline) from PACKAGE_NAME, \
this should be avoided for performance reasons.
Identify which app components act as notification trampolines
When testing your app, after you tap on a notification, you can identify which service or broadcast receiver acted as the notification trampoline in your app. To do so, look at the output of the following terminal command:
adb shell dumpsys activity service \
  com.android.systemui/.dump.SystemUIAuxiliaryDumpService
A section of the output includes the text "NotifInteractionLog". This section contains the information that's necessary to identify the component that starts as the result of a notification tap.
Update your app
If your app starts an activity from a service or broadcast receiver that acts as a notification trampoline, complete the following migration steps:
- Create a PendingIntent object that is associated with the activity that users see after they tap on the notification.
- Use the PendingIntent object that you created in the previous step as part of building your notification.
To identify the origin of the activity, in order to perform logging for example, use extras when posting the notification. For centralized logging, use ActivityLifecycleCallbacks or Jetpack lifecycle observers.
Toggle the behavior
When testing a debuggable version of your app, you can enable and disable this restriction using the NOTIFICATION_TRAMPOLINE_BLOCK app compatibility flag.
Backup and restore
There are changes to how backup and restore works in apps that run on and target Android 12 (API level 31). Android backup and restore has two forms:
- Cloud backups: User data is stored in a user's Google Drive so that it can later be restored on that device or a new device.
- Device-to-device (D2D) transfers: User data is sent directly to the user's new device from their older device, such as by using a cable.
For more information on how data is backed up and restored, see Back up user data with Auto Backup and Back up key-value pairs with Android Backup Service.
D2D transfer functionality changes
For apps running on and targeting Android 12 and higher:
- Specifying android:allowBackup="false" does disable backups to Google Drive, but doesn't disable D2D transfers for the app.
- Specifying include and exclude rules with the XML configuration mechanism no longer affects D2D transfers, though it still affects Google Drive backups. To specify rules for D2D transfers, you must use the new configuration covered in the next section.
New include and exclude format
Apps running on and targeting Android 12 and higher use a different format for the XML configuration. This format makes the difference between Google Drive backup and D2D transfer explicit by requiring you to specify include and exclude rules separately for cloud backups and for D2D transfer.
Optionally, you can also use it to specify rules for backup, in which case the old configuration is ignored on devices running Android 12 or higher. The old configuration is still required for devices running Android 11 or lower.
XML format changes
The following is the format used for backup and restore configuration in Android 11 and lower:
<full-backup-content>
    <include domain=["file" | "database" | "sharedpref" | "external" | "root"]
             path="string"
             requireFlags=["clientSideEncryption" | "deviceToDeviceTransfer"] />
    <exclude domain=["file" | "database" | "sharedpref" | "external" | "root"]
             path="string" />
</full-backup-content>
The following shows the changes in the format in bold.
<data-extraction-rules>
    <cloud-backup [disableIfNoEncryptionCapabilities="true|false"]>
        ...
        <include domain=["file" | "database" | "sharedpref" | "external" | "root"]
                 path="string"/>
        ...
        <exclude domain=["file" | "database" | "sharedpref" | "external" | "root"]
                 path="string"/>
        ...
    </cloud-backup>
    <device-transfer>
        ...
        <include domain=["file" | "database" | "sharedpref" | "external" | "root"]
                 path="string"/>
        ...
        <exclude domain=["file" | "database" | "sharedpref" | "external" | "root"]
                 path="string"/>
        ...
    </device-transfer>
</data-extraction-rules>
For more information, see the corresponding section in the guide to backing up user data with Auto Backup.
Manifest flag for apps
Point your apps to the new XML configuration by using the android:dataExtractionRules attribute in your manifest file. When you point to the new XML configuration, the android:fullBackupContent attribute that points to the old config is ignored on devices running Android 12 or higher. The following code sample shows the new manifest file entries:
<application
    ...
    <!-- The below attribute is ignored. -->
    android:fullBackupContent="old_config.xml"
    <!-- You can point to your new configuration using the new
         dataExtractionRules attribute. -->
    android:dataExtractionRules="new_config.xml"
    ...>
</application>
Connectivity
Concurrent Peer-to-Peer + Internet Connection
For apps targeting Android 12 (API level 31) or higher, devices that support concurrent peer-to-peer and internet connections can maintain simultaneous Wi-Fi connections to both the peer device and the primary internet-providing network, making the user experience more seamless. Apps targeting Android 11 (API level 30) or lower still experience the legacy behavior, where the primary Wi-Fi network is disconnected prior to connecting to the peer device.
Compatibility
WifiManager.getConnectionInfo() is able to return the WifiInfo for only a single network. Because of this, the API's behavior has been changed in the following ways in Android 12 and higher:
- If only a single Wi-Fi network is available, its WifiInfo is returned.
- If more than one Wi-Fi network is available and the calling app triggered a peer-to-peer connection, the WifiInfo corresponding to the peer device is returned.
- If more than one Wi-Fi network is available and the calling app did not trigger a peer-to-peer connection, the primary internet-providing connection's WifiInfo is returned.
To provide a better user experience on devices that support dual concurrent Wi-Fi networks, we recommend all apps, especially ones that trigger peer-to-peer connections, migrate away from calling WifiManager.getConnectionInfo() and instead use NetworkCallback.onCapabilitiesChanged() to get all WifiInfo objects that match the NetworkRequest used to register the NetworkCallback. getConnectionInfo() is deprecated as of Android 12.
The following code sample shows how to get the WifiInfo in a NetworkCallback:
Kotlin
val networkCallback = object : ConnectivityManager.NetworkCallback() {
    ...
    override fun onCapabilitiesChanged(
        network: Network,
        networkCapabilities: NetworkCapabilities
    ) {
        // TransportInfo is a WifiInfo only for Wi-Fi networks.
        val transportInfo = networkCapabilities.getTransportInfo()
        if (transportInfo !is WifiInfo) return
        val wifiInfo: WifiInfo = transportInfo
        ...
    }
}
Java
final NetworkCallback networkCallback = new NetworkCallback() {
    ...
    @Override
    public void onCapabilitiesChanged(
            Network network,
            NetworkCapabilities networkCapabilities) {
        // TransportInfo is a WifiInfo only for Wi-Fi networks.
        final TransportInfo transportInfo = networkCapabilities.getTransportInfo();
        if (!(transportInfo instanceof WifiInfo)) return;
        final WifiInfo wifiInfo = (WifiInfo) transportInfo;
        ...
    }
    ...
};
mDNSResponder native API
Android 12 changes when apps can interact with the mDNSResponder daemon using the mDNSResponder native API. Previously, when an app registered a service on the network and called the getSystemService() method, the system's NSD service started the mDNSResponder daemon, even if the app had not called any NsdManager methods yet. The daemon then subscribed the device to the all-nodes multicast groups, causing the system to wake more frequently and use additional power. To minimize battery usage, in Android 12 and higher the system now starts the mDNSResponder daemon only when it is needed for NSD events and stops it afterwards.
Because this change affects when the mDNSResponder daemon is available, apps that assume that the mDNSResponder daemon will be started after calling the getSystemService() method might receive messages from the system that say that the mDNSResponder daemon is not available. Apps that use NsdManager and do not use the mDNSResponder native API are unaffected by this change.
Vendor libraries
Vendor-supplied native shared libraries
Non-NDK native shared libraries that are provided by silicon vendors or device manufacturers are not accessible by default if the app is targeting Android 12 (API level 31) or higher. The libraries are accessible only when they are explicitly requested using the <uses-native-library> tag.
If the app is targeting Android 11 (API level 30) or lower, the <uses-native-library> tag is not required. In that case, any native shared library is accessible regardless of whether it is an NDK library.
Updated non-SDK restrictions
Android 12 includes updated lists of restricted non-SDK interfaces based on collaboration with Android developers and the latest internal testing. Whenever possible, we make sure that public alternatives are available before we restrict non-SDK interfaces.
If your app does not target Android 12, some of these changes might not immediately affect you. However, while you can currently use some non-SDK interfaces (depending on your app's target API level), using any non-SDK method or field always carries a high risk of breaking your app.
If you are unsure if your app uses non-SDK interfaces, you can test your app to find out. If your app relies on non-SDK interfaces, you should begin planning a migration to SDK alternatives. Nevertheless, we understand that some apps have valid use cases for using non-SDK interfaces. If you cannot find an alternative to using a non-SDK interface for a feature in your app, you should request a new public API.
To learn more about the changes in this release of Android, see Updates to non-SDK interface restrictions in Android 12. To learn more about non-SDK interfaces generally, see Restrictions on non-SDK interfaces.
Source: https://developer.android.com/about/versions/12/behavior-changes-12