The Android 11 platform includes behavior changes that may
affect your app. The following behavior changes apply to all apps when they
run on Android 11, regardless of
targetSdkVersion. You should
test your app and then modify it as needed to support these properly, where
Make sure to also review the list of behavior changes that only affect apps targeting Android 11.
Android 11 introduces a changes and restrictions to enhance user privacy, including the following:
- One-time permissions: Gives users the option to grant more temporary access to location, microphone, and camera permissions.
- Permission dialog visibility: Repeated denials of a permission implies "don't ask again."
- Data access auditing: Gain insights into where your app accesses private data, both in your app's own code and in dependent libraries' code.
- System alert window
permissions: Certain classes of
apps are automatically granted the
SYSTEM_ALERT_WINDOWpermission upon request. Also, intents that include the
ACTION_MANAGE_OVERLAY_PERMISSIONintent action always bring users to a screen in system settings.
On Android 11 and higher, access to the non-resettable ICCIDs through the
getIccId()method is restricted. The method returns a non-null, empty string. To uniquely identify an installed SIM on the device, use the
getSubscriptionId()method instead. The Subscription ID provides an index value (starting at 1) for uniquely identifying installed SIMs, including physical and electronic. The value of this identifier is stable for a given SIM unless the device is factory reset.
To learn more, see the Privacy page.
Android 11 updates the platform with the Exposure Notifications System in mind. Users can now run Exposure Notifications apps on Android 11 without needing to turn on the device location setting. This is an exception for the Exposure Notifications System only, given that it has been designed in such a way that apps using it can’t infer device location through Bluetooth scanning.
To protect user privacy, all other apps are still prohibited from performing Bluetooth scanning unless the device location setting is on and the user has granted them location permission. You can read more in our Update on Exposure Notifications post.
SSL sockets use Conscrypt SSL engine by default
SSLSocket implementation is based on Conscrypt.
Since Android 11, that implementation is internally
built on top of Conscrypt's
Scudo Hardened Allocator
Android 11 uses the
Scudo Hardened Allocator
internally to service heap allocations. Scudo is capable of detecting and mitigating
some types of memory safety violations. If you are seeing Scudo-related crashes
Scudo ERROR:) in native crash reports, refer to the
App usage stats
To better protect users, Android 11 stores each user's app usage
stats in credential encrypted
neither the system nor any apps can access that data unless
true, which occurs after one of the following takes place:
- The user unlocks their device for the first time after a system startup.
- The user switches to their account on the device.
If your app already binds to an instance of
that you call methods on this object after the user unlocks their device.
Otherwise, the API now returns null or empty values.
Emulator support for 5G
Android 11 adds 5G APIs to enable
your apps to add cutting-edge features. To test the features as you add them,
you can use the new capabilities of the Android SDK
emulator. The new
functionality was added in Emulator version 30.0.22. Selecting the 5G network
modifies the estimated bandwidth, and allows you to set meteredness to verify
that your app responds appropriately to changes in
Performance and debugging
JobScheduler API call limits debugging
Android 11 offers debugging support for apps to identify
JobScheduler API invocations that have exceeded certain rate limits.
Developers can use this facility to identify potential performance issues. For
apps with the
debuggable manifest attribute set to true,
invocations beyond the rate limits will return
Limits are set such that legitimate use cases should not be affected.
File descriptor sanitizer (fdsan)
Android 10 introduced
fdsan (file descriptor sanitizer).
fdsan detects mishandling of file descriptor ownership, such as
use-after-close and double-close. The default mode for
fdsan is changing in
fdsan now aborts upon detecting an error; the
previous behavior was to log a warning and continue. If you're seeing crashes
fdsan in your application, refer to the
Non-SDK interface restrictions
Android 11 includes updated lists of restricted non-SDK interfaces based on collaboration with Android developers and the latest internal testing. Whenever possible, we make sure that public alternatives are available before we restrict non-SDK interfaces.
If your app does not target Android 11, some of these changes might not immediately affect you. However, while you can currently use some non-SDK interfaces (depending on your app's target API level), using any non-SDK method or field always carries a high risk of breaking your app.
If you are unsure if your app uses non-SDK interfaces, you can test your app to find out. If your app relies on non-SDK interfaces, you should begin planning a migration to SDK alternatives. Nevertheless, we understand that some apps have valid use cases for using non-SDK interfaces. If you cannot find an alternative to using a non-SDK interface for a feature in your app, you should request a new public API.
To learn more about the changes in this release of Android, see Updates to non-SDK interface restrictions in Android 11. To learn more about non-SDK interfaces generally, see Restrictions on non-SDK interfaces.
Maps v1 shared library removed
V1 of the Maps shared library has been completely removed in Android 11. This library was previously deprecated and stopped functioning for apps in Android 10. Apps that previously relied on this shared library for devices running Android 9 (API level 28) or lower should use the Maps SDK for Android instead.
Interaction with other apps
Share content URIs
If your app shares a content URI with another app, the intent must grant URI
by setting at least one of the following intent flags:
That way, if the other app targets Android 11, it can still access the content
URI. Your app must include the intent flags even when the content URI is
associated with a content provider that your app doesn't own.
If your app owns the content provider that's associated with the content URI, verify that the content provider isn't exported. We already recommend this security best practice.
Loading ICU common library with absolute path
Apps targeting API 28 and lower can not use
dlopen(3) to load
with the absolute path "/system/lib/libicuuc.so". For those apps,
dlopen("/system/lib/libicuuc.so", ...) will return a null handle.
Instead, to load the library, please use the library name as the filename, for