Source: Joe Maring / Android Central
When Android 10 was still in its early beta days, Google had plans for a big change in the way that apps could access the files and folders in your phone’s external storage (things like photos that you or other apps placed in the /data/media folder, not the SD card present in many Android models).
This change was known as Scoped Storage, and its purpose was to kill the abuse of the READ_EXTERNAL_STORAGE permissions that so many apps and developers like to request.
These changes were originally slated to apply to every app on a phone running Android 10 or later, but because of developer backlash Google changed course and only required the use of Scoped Storage for apps that target Android API level 29, which is Android 10. But with Android 11 Scoped Storage is back, and Google isn’t likely to change its mind this time.
How Scoped Storage works
Source: Android Central
At one time Android worked like any other desktop operating system when it came to accessing your files; things like documents, photos, music or anything else you wanted to store on your device were there for any other app to open. You said it was OK for an app to do this when you installed it, and it just did. Using the app’s native UI, you could browse the file system and see all your public files.
With Android 4.4 KitKat, Google started making changes to and adding restrictions on how an app could access files it did not own, and with Android 5.1, the Storage Access Framework was implemented. This gave apps a way to access files in other folders using an Android API instead of using standard programming file operations. It … works. It’s slow and fairly unpopular, but it is available and by now almost every developer of an app that needs this sort of global access has at least tried it out to see how suitable it is or isn’t based on their needs.
With Scoped Storage, things are both more restrictive and more easy at the same time. A compatible app is given its own folder for user-facing data. Apps already have a private sandboxed folder for storage of their required files and this is unavailable to any other app. Scoped Storage gives the ability to create a second folder for files the app creates. Think of an app like a voice recorder, for instance; it needs somewhere to store the audio files it creates.
Developers have been groomed to use specific methods for file access since Lollipop, but they’re very unpopular.
The app needs no permission to read or write any file in this folder, so you aren’t prompted to grant any permissions when you first run it concerning file read and write locations; apps also need permission for each and every folder they want to access but do not own.
Developers who need to access folders not owned by their app will need to use the Storage Access Framework APIs. That means it needs to query the API to see if the files exist and get its device location then ask the user for permission to use it. This has been the recommended best practice for file access since Android Lollipop, so it’s not exactly new. But with Scoped Storage, it is now strictly enforced and no longer “optional”.
Why make this change?
Google gives two valid reasons why it’s making this change: Security and to reduce leftover “app clutter.”
On the security front, this change does a few things. First and foremost, it allows a developer to have their own space on the storage of your device that is private without asking for any specific permissions when first run. And no other app can access any document it creates without you saying it can.
The reason for a change is good, but it means more work for developers.
Second, and equally important, it cuts back on the abuse of the READ_EXTERNAL_STORAGE permission. When you grant this permission for an app today it gives access to the entire external storage where we save things like photos, private documents, videos, and other potentially sensitive files. With Scoped Storage enforced, apps only can see their own data folders plus certain media types like music files using other storage APIs.
New APIs have been developed along with a program for developers of file managers to get “special access.”
These APIs can grant access for viewing, writing, deletion and even bulk actions through the use of a system-built user prompt that lets you allow or deny th4e action. These API’s should simplify development for apps like music players or photo editors even without Scoped Storage being enforced.
Reducing app clutter needs little explanation. When you uninstall an app, the files and folders it drops all over your device storage once you gave it permission to do so stay behind. Enough of these leftovers can start to affect performance, especially if the files use a common name that may be repeated by another app. If a developer builds an app that creates media like a camera app or music recorder, for instance, he or she can use the standard media folder locations to deposit the things you create so they are not removed if the app is uninstalled.
What about file managers?
Developers of apps like file managers that want access to every file in the external storage can do so through the Storage Access Framework once granted permission by Google — we learned in October 2019 at the Android Developer Summit that a program allowing for “special access” was being implemented.
Legitmitate apps need these special permissions.
A user would give permission for a file manager app to access the root (top-level folder) of the external storage, thus granting recursive access to every folder and file inside of it. Since this is a pretty broad selection and one of the goals of Scoped Storage was to reign in apps that want this level of access, it’s good that Google will take a special look at apps who want to do this and grant permissions for legitimate apps like your favorite file manager.
Scoped Storage is going to happen this time
Early feedback for Scoped Storage was not very good. There was even a petition that asked Google to remove the feature rethink its implementation.
Which is mostly what Google did. Scoped Storage was available in the official Android 10 release, but developers were not required to use it. But that’s all about to change.
Starting in September 2020, apps will need to target Android 10 or later if they are to be available on the Play Store.
Any app that is targeted for Android 10 or later must use the new storage APIs, and that includes Scoped Storage. Changes to Google Play’s developer agreement say that starting August 1, 2020 all new apps submitted to Google Play must target Android 10 or later, and all updates to existing apps must target Android 10 or later as of November 1, 2020.
That means that unless an app developer is willing to let an app wither and die in a sea of old apps, Scoped Storage must be implemented soon. Luckily, this time Google has listened to feedback and made things easier for apps that have a need for full or special access and the new APIs in Android 11 make other things easier, too. A safer and more secure Android is something we all should want.
Have you listened to this week’s Android Central Podcast?
Every week, the Android Central Podcast brings you the latest tech news, analysis and hot takes, with familiar co-hosts and special guests.
We may earn a commission for purchases using our links. Learn more.
Jerry is Mobile Nation’s resident nerd and proud of it. There’s nothing he can’t take apart, but many things he can’t reassemble. You’ll find him across the Mobile Nations network and you can hit him up on Twitter if you want to say hey.