Android P introduces a number of behavior changes that enhance the security of your app and the devices that run them. This page describes the platform changes that are most important for third-party app developers to keep in mind.
Behavior changes affecting all apps
Android P adds several capabilities that improve your app's security, regardless of which version your app targets.
TLS implementation changes
The system's TLS implementation has undergone several changes in Android P:
- If an instance of
SSLSocketfails to connect while it's being created, the system now throws an
IOExceptioninstead of a
SSLEngineclass now cleanly handles any
close_notifyalerts that occur.
Stricter Seccomp filter
We've further restricted the system calls that are available to apps. Apps aren't affected, however, if they use the Bionic library and don't make system calls directly.
Support for ChaCha20 stream cipher
The Android platform now supplies implementations of the ChaCha20 cipher as described in RFC 7539, both in unadorned stream cipher form, ChaCha20/None/NoPadding, and in ChaCha20 + Poly1305 AEAD form, ChaCha20/Poly1305/NoPadding.
Legacy encryption support
Android P devices that ship with Keymaster 4 support the Triple Data Encryption Algorithm, or Triple DES. If your app interoperates with legacy systems that require Triple DES, use this type of cipher when encrypting sensitive credentials.
A number of the Wi-Fi methods have been modified in Android P to enhance the user's privacy. The
WifiP2pManager methods that may expose the user’s location information or personally identifiable information data are further restricted. These methods are:
When you access scan results and connection information, you must hold the
ACCESS_FINE_LOCATION location permission. This is also applied to triggering Wi-Fi scans, which additionally requires
System broadcasts from Wi-Fi also have all SSIDs, BSSIDs, connection information, and scan results removed.
Behavior changes affecting apps targeting Android P
Android P adds several capabilities that improve your app's security, but only if it targets Android P.
Network TLS enabled by default
If your app targets Android P, the
false by default. As a result, if your app needs to enable
cleartext for specific domains, you need to explicitly set
true in your app's
Network Security Configuration.
Web-based data directories separated by process
In order to improve app stability and data integrity in Android P, apps can no
longer share a single
multiple processes. Typically,
such data directories store cookies, HTTP caches, and other persistent and
temporary storage related to web browsing.
In most cases, your app should use classes from the
android.webkit package, such
CookieManager, in only one
process. For example, you should move all
Activity objects that use a
into the same process. You can more strictly enforce the "one process only" rule
your app's other processes. This call prevents
WebView from being initialized
in those other processes by mistake, even if it's being called from a dependent
If your app must use instances of
WebView in more than one process,
you must assign a distinct data directory suffix for each process, using the
method, before using a given instance of
WebView in that process. This method
places web data from each process in its own directory that's inside your app's
Per-app SELinux domains
Apps that target Android P can no longer share data with other apps using world-accessible Unix permissions. This change improves the integrity of the Android Application Sandbox, particularly the requirement that an app's private data is accessible only by that app.
Connectivity data counting and multipath
The system now counts network traffic on networks that aren't the current default (for example, cell traffic while the device is on Wi-Fi), and provides
NetworkStatsManager APIs to query for that traffic.
ConnectivityManager.getMultipathPreference() now returns a value based on the aforementioned network traffic. New in Android P, it returns
true on cell data, but when more than a certain amount of said traffic happens in a day, it starts returning
false. Applications running on Android P are expected to call and honor this hint.
The callbacks (
ConnectivityManager.NetworkCallback) that the system sends to apps now include VPNs, which make it much easier for apps to listen for connectivity events without having to mix sync/async calls and using limited APIs. Additionally, it means that things work correctly on a device with two simultaneous Wi-Fi networks or two simultaneous cell networks.
Android P apps should honor the private DNS APIs, and ensure that if the system resolver is doing DNS-over-TLS, any built-in DNS client either uses encrypted DNS (to the same hostname as the system) or is disabled in favor of the system resolver.