PowerManager.WakeLock
, AlarmManager
alarms, GPS, and Wi-Fi scans. Regardless of whether some or all Doze restrictions are being applied, the system wakes the device for brief maintenance windows, during which applications are allowed network access and can execute any deferred jobs/syncs.CONNECTIVITY_ACTION
broadcast in their manifest. Since many apps register to receive this broadcast, a single network switch can cause them all to wake up and process the broadcast at once.ACTION_NEW_PICTURE
and ACTION_NEW_VIDEO
broadcasts from other apps, such as Camera. When a user takes a picture with the Camera app, these apps wake up to process the broadcast.CONNECTIVITY_ACTION
broadcasts if they declare their broadcast receiver in the manifest. Apps will still receive CONNECTIVITY_ACTION
broadcasts if they register their BroadcastReceiver
with Context.registerReceiver()
and that context is still valid.ACTION_NEW_PICTURE
or ACTION_NEW_VIDEO
broadcasts. This optimization affects all apps, not only those targeting Android 7.0. JobScheduler
API provides a robust mechanism to schedule network operations when specified conditions, such as connection to an unmetered network, are met. You can even use JobScheduler
to react to changes to content providers.0700
). This setting prevents leakage of metadata of private files, such as their size or existence. This permission change has multiple side effects:MODE_WORLD_READABLE
and/or MODE_WORLD_WRITEABLE
, will trigger a SecurityException
. File
API. However, we strongly discourage relaxing the permissions to the private directory. file://
URIs outside the package domain may leave the receiver with an unaccessible path. Therefore, attempts to pass a file://
URI trigger a FileUriExposedException
. The recommended way to share the content of a private file is using the FileProvider
. DownloadManager
can no longer share privately stored files by filename. Legacy applications may end up with an unaccessible path when accessing COLUMN_LOCAL_FILENAME
. Apps targeting Android 7.0 or higher trigger a SecurityException
when attempting to access COLUMN_LOCAL_FILENAME
. Legacy applications that set the download location to a public location by using DownloadManager.Request.setDestinationInExternalFilesDir()
or DownloadManager.Request.setDestinationInExternalPublicDir()
can still access the path in COLUMN_LOCAL_FILENAME
, however, this method is strongly discouraged. The preferred way of accessing a file exposed by the DownloadManager
is using ContentResolver.openFileDescriptor()
. StrictMode
API policy that prohibits exposing file://
URIsoutside your app. If an intent containing a file URI leaves your app, the app failswith a FileUriExposedException
exception.content://
URIand grant a temporary access permission on the URI. The easiest way to grant this permission is byusing the FileProvider
class. For more informationon permissions and sharing files,see Sharing Files.sw320dp
and be sure it performs adequately. dp
) units. libcrypto.so
. However, the app could crash on later versions of Android that do not include this library (such as, Android 6.0 and later). To fix this, ensure that you bundle all your non-NDK libraries with your APK. libandroid_runtime.so
, libcutils.so
, libcrypto.so
, and libssl.so
—are temporarily accessible on Android 7.0 (API level 24) for apps targeting API level 23 or lower. If your app loads one of these libraries, logcat generates a warning and a toast appears on the target device to notify you. If you see these warnings, you should update your app to either include its own copy of those libraries or only use the public NDK APIs. Future releases of the Android platform may restrict the use of private libraries altogether and cause your app to crash.System.loadLibrary
and dlopen(3)
both return NULL
, and may cause your app to crash. You should review your app code to remove use of private platform APIs and thoroughly test your apps using a device or emulator running Android 7.0 (API level 24). If you are unsure whether your app uses private libraries, you can check logcat to identify the runtime error.android:targetSdkVersion
).Libraries | Target API level | Runtime access via dynamic linker | Android 7.0 (API level 24) behavior | Future Android platform behavior |
---|---|---|---|---|
NDK Public | Any | Accessible | Works as expected | Works as expected |
Private (temporarily accessible private libraries) | 23 or lower | Temporarily accessible | Works as expected, but you receive a logcat warning. | Runtime error |
Private (temporarily accessible private libraries) | 24 or higher | Restricted | Runtime error | Runtime error |
Private (other) | Any | Restricted | Runtime error | Runtime error |
.so
file by running the following command:getJavaVM
and getJNIEnv
from libandroid_runtime.so
: __system_property_get
instead of the private property_get
symbol from libcutils.so
. To do this, use __system_property_get
with the following include: SSL_ctrl
symbol from libcrypto.so
. For example, you should statically link libcyrpto.a
in your .so
file, or include a dynamically linked version of libcrypto.so
from BoringSSL/OpenSSL and package it in your APK. DevicePolicyManager.setCertInstallerPackage()
. If the installer is not already installed, the system throws an IllegalArgumentException
. DevicePolicyManager.resetPassword()
to clear passwords or change ones that are already set. Device admins can still set a password, but only when the device has no password, PIN, or pattern. DISALLOW_MODIFY_ACCOUNTS
user restrictions are in place. DISALLOW_ADD_USER
restriction is automatically set. This prevents users from creating unmanaged secondary users. In addition, the CreateUser()
and createAndInitializeUser()
methods are deprecated; the new DevicePolicyManager.createAndManageUser()
method replaces them. DevicePolicyManager.getWifiMacAddress()
. If Wi-Fi has never been enabled on the device, this method returns a value of null
. KeyChain.getCertificateChain()
when apps attempt to retrieve the client certificate chain later. If required, the CA certificate should be installed to the trusted credentials storage via Settings UI separately, with a DER-encoded format under a .crt or .cer file extension. ENCRYPTION_STATUS_ACTIVE_PER_USER
is returned by DevicePolicyManager.getStorageEncryptionStatus()
, to indicate that encryption is active and the encryption key is tied to the user. The new status is only returned if DPC targets API Level 24 and above. For apps targeting earlier API levels, ENCRYPTION_STATUS_ACTIVE
is returned, even if the encryption key is specific to the user or profile. DevicePolicyManager.getParentProfileInstance()
documentation.) For example, DevicePolicyManager.lockNow()
locks just the work profile, instead of locking the entire device. For each of these methods, you can get the old behavior by calling the method on the parent instance of the DevicePolicyManager
; you can get this parent by calling DevicePolicyManager.getParentProfileInstance()
. So for example, if you call the parent instance's lockNow()
method, the entire device is locked. VISIBILITY_BUILD
: Intended to be visible only at build time.VISIBILITY_SYSTEM
: Intended to be visible at runtime, but only to the underlying system.@Retention(RetentionPolicy.RUNTIME)
.SSLSocketFactory
to communicate with the server. The factory should be designed to create SSLSocket
instances that have some of the cipher suites required by the server enabled in addition to default cipher suites.WebView
.targetSdkVersion
to Android 7.0 or higher must modify their apps to support these behaviors properly, where applicable to the app.Serializable
and do not specify an explicit serialVersionUID
field could see a change in their default serialVersionUID which would cause an exception to be thrown when attempting to deserialize instances of the class that were serialized on an earlier version or serialized by an app targeting an earlier version. The error message will look something like this:serialVersionUID
field to any affected class with the value of stream classdesc serialVersionUID
from the error message, e.g. 1234
in this case. That change adheres to all good practice recommendations for writing serialization code and will work on all versions of Android.<clinit>
. According to the specification the presence or absence of a static initializer method in the class will affect the default serialVersionUID calculated for that class. Prior to the bug fix the calculation would also check the super class for a static initializer if a class did not have one.serialVersionUID
field or classes that have a static initializer method.android.os.NetworkOnMainThreadException
.Generally, performing network operations on the main thread is a bad idea because these operationsusually have a high latency that causes ANRs and jank.Debug.startMethodTracing()
family of methods now defaults tostoring output in your package-specific directory on shared storage,instead of at the top levelof the SD card. This means apps no longer need to request the WRITE_EXTERNAL_STORAGE
permission to use these APIs.Binder
transactions, and thesystem now rethrows TransactionTooLargeExceptions
as RuntimeExceptions
, instead of silently logging or suppressing them. Onecommon example is storing too much data inActivity.onSaveInstanceState()
,which causes ActivityThread.StopInfo
to throw aRuntimeException
when your app targets Android 7.0.Runnable
tasks to a View
, andthe View
is not attached to a window, the systemqueues the Runnable
task with the View
;the Runnable
task does not execute until theView
is attachedto a window. This behavior fixes the following bugs:View
from a thread other than the intended window’s UI thread, the Runnable
may run on the wrong thread as a result. Runnable
task was posted from a thread other than a looper thread, the app could expose the Runnable
task.DELETE_PACKAGES
permission tries to delete a package, but a different app had installed that package,the system requires user confirmation. In this scenario, apps should expectSTATUS_PENDING_USER_ACTION
as the return status when they invokePackageInstaller.uninstall()
.