![]() ![]() ![]() As you can see in the video below, the loophole works on Android 12L but not on Android 13: That “future Android release” is now here in the form of Android 13, and I can confirm the loophole is closed through my own testing and code examination. Half a year after someone reported the existence of the loophole to Google, though, an employee said the issue will be fixed in a future Android release. This is intended functionality of SAF, but Google seemingly didn’t consider this when implementing Android’s restrictions on those directories. Based on my understanding, the way it works is that, when constructing the intent to launch SAF, apps can set the initial location of the document chooser to be /Android/data or /Android/obb. One of the developers behind Amaze File Manager, TranceLove, published a proof of concept app that could access restricted directories in Android 11. This StackOverflow post sums it up quite nicely, though I first stumbled upon the method after reading this issue on the Amaze File Manager’s GitHub. The method behind this loophole is pretty simple to find online. In other words, while file managers couldn’t just use SAF to ask for access to all of /Android, they could use it to ask for access to /Android/data and /Android/obb, circumventing Android’s restrictions almost entirely. In fact, Google explicitly blocked SAF directory access to /Android, but this implementation had a flaw: it didn’t block SAF directory access to subdirectories under /Android. This capability, thus, is quite old, so it’s not as if Google didn’t consider that apps would try to use SAF to request access to directories that are supposed to be restricted. SAF was introduced all the way back in Android 4.4, while the ability to use SAF to prompt the user to choose a directory for an app to access was added in Android 5.0. What file managers like MiXplorer are doing is using the Storage Access Framework (SAF) to request access to a particular directory’ s contents. Once given, a separate request is shown to grant access to /Android/obb. All the user had to do was tap “use this folder” and then “allow” when requested, and the file manager would have access to those directories.Īfter doing a fresh install of MiXplorer on a Pixel 6 Pro running Android 12L and then tapping to open /Android folder, the user is prompted to allow access to /Android/data. It was noted quite quickly, however, that many file managers had rolled out updates enabling access to /Android/data and /Android/obb. ![]() When friend of the blog (and one-time Android Bytes guest) Braden Farmer posted on Reddit about Android 11’s file manager restriction, the post attracted over 100 comments from users expressing frustration with the change. Though everyone’s setup is different, most readers have probably accessed a file or folder under /Android at one point in the past. obb files in order to access some games early. It’s not uncommon to see Android gamers share. These files are stored in /Android/obb with the. Apps that ship with a lot of high quality assets (like games) could easily exceed this limit, so Google offered the ability to create APK expansion files that can be up to 2GB in size. Android/data isn’t the only place where apps like Telegram and Google Podcasts can store files, but it offers more space to do so than internal storage and is just as convenient to access, which is why it's frequently used.įor many years, Google Play limited the size of APK files that devs could upload to be 100MB or less. Google Podcasts stores downloaded podcasts to /Android/data//files/Podcasts/Downloads, so if you, say, downloaded a bunch of episodes of Android Bytes on your phone and wanted to transfer those to your PC, you'd need to navigate to that location to grab those files. The Telegram app, for example, stores its cache under /Android/data//cache, so if there's a particular file you forgot to save but wanted to retrieve, you might be able to find it there. An app can read and write whatever files it wants in the folder matching its package name, and it doesn’t have to ask for permission to do so. ![]() Within this subdirectory you’ll find folders named after the package names of apps installed on your device. The /Android/data subdirectory is where many apps store files. The SAF loophole that file managers jumped onīefore I talk about the loophole, though, I want to explain why its closure is important to users. Unlike in the previous example, MiXplorer here is able to read the contents of /Android/data. Shown above is MiXplorer running on a Pixel 6 Pro with Android 12L. Using a loophole, file managers are able to access subdirectories under /Android. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |