The Android Q platform includes behavior changes that may affect your app. The following behavior changes apply to all apps when they run on Android Q, regardless of 'targetSdkVersion'. You should test your app and then modify it as needed to support these properly, where applicable.
Make sure to also review the list of behavior changes that only affect apps targeting Android Q.
Non-SDK interface restrictions
To help ensure app stability and compatibility, the platform started restricting which non-SDK interfaces your app can use in Android 9 (API level 28). Android Q includes updated lists of restricted non-SDK interfaces based on collaboration with Android developers and the latest internal testing. Our goal is to make sure that public alternatives are available before we restrict non-SDK interfaces.
If you will not be targeting Android Q, some of these changes might not immediately affect you. However, while you can currently use non-SDK interfaces that are part of the greylist (depending on your app's target API level), using any non-SDK method or field always carries a high risk of breaking your app.
If you are unsure if your app uses non-SDK interfaces, you can test your app to find out. If your app relies on non-SDK interfaces, you should begin planning a migration to SDK alternatives. Nevertheless, we understand that some apps have valid use cases for using non-SDK interfaces. If you cannot find an alternative to using a non-SDK interface for a feature in your app, you should request a new public API.
To learn more, see Updates to non-SDK interface restrictions in Android Q and see Restrictions on non-SDK interfaces.
Android Q includes the following NDK changes.
Shared objects cannot contain text relocations
Android 6.0 (API level 23) disallowed use of the use of text relocations in shared objects. Code must be loaded as-is, and must not be modified. This change improves app load times and security.
In Android Q Beta 1 and 2, SELinux enforces this restriction on apps targeting Android 8.0 (API level 26) and higher. If such apps continue to use shared objects that contain text relocations, they are at high risk of breaking.
System binaries/libraries mapped to execute-only memory
Starting in Android Q, executable segments of system binaries and libraries are mapped into memory execute-only (non-readable) as a hardening technique against code-reuse attacks. Intentional and unintentional reads into memory segments marked as execute-only will throw a SIGSEGV -- whether from bug, vulnerability, or intentional memory introspection.
You can identify whether a crash was caused by this change by examining the
related tombstone file in
/data/tombstones/. An execute-only related crash
will contain the following abort message:
Cause: execute-only (no-read) memory access error; likely due to data in .text.
To work around this issue, developers may mark execute-only segments as
read+execute by calling
mprotect(), for example to perform memory
inspection. However, we strongly recommend setting it back to execute-only
afterwards as this provides better protection for your app and users.
ptrace are unaffected, so
is not impacted.
Android Q includes the following security change.
Removed execute permission for app home directory
Untrusted apps that target Android Q can no longer invoke
exec() on files
within the app's home directory. This execution of files from the writable app
home directory is a W^X
violation. Apps should load
only the binary code that's embedded within an app's APK file.
In addition, apps that target Android Q cannot in-memory modify executable code
from files which have been
dlopen()ed. This includes any shared object (
files with text relocations.
Wi-Fi Direct broadcasts
On Android Q, the following broadcasts related to Wi-Fi Direct are no longer sticky:
If your app has relied on receiving these broadcasts at registration because
they had been sticky, use the appropriate
get() method at initialization to
obtain the information instead.
SYSTEM_ALERT_WINDOW on Go devices
Apps running on Android Q (Go edition) devices cannot receive the
permission. This is because drawing overlay windows uses excessive memory,
which is particularly harmful to the performance of low-memory Android
If an app running on a Go edition device running Android 9 or lower receives the
SYSTEM_ALERT_WINDOW permission, the app retains the permission even if the
device is upgraded to Android Q. However, apps which do not already have that
permission cannot be granted it after the device is upgraded.
If an app on a Go device sends an intent with the action
the system automatically denies the request, and takes the user to a
Settings screen which says that the permission isn't allowed because it
slows the device. If an app on a Go device calls
the method always returns false. Again, these restrictions do not apply to apps
which received the
SYSTEM_ALERT_WINDOW permission before the device was
upgraded to Q.
Warnings for apps targeting older Android versions
In Android Q, the platform will warn users the first time they run any app that targets a platform version lower than Android 6.0 (API level 23). If the app requires the user to grant permissions, the user is also given an opportunity to adjust the app's permissions before the app is allowed to run for the first time.
Due to Google Play's target API requirements, a user would only see these warnings if they run an app that has not been updated recently. For apps that are distributed through other stores, similar target API requirements are also being introduced in 2019. For more information about these requirements, see Expanding target API level requirements in 2019.
SHA-2 CBC cipher suites removed
The following SHA-2 CBC cipher suites have been removed from the platform:
These cipher suites are less secure than the similar cipher suites that use GCM, and most servers either support both the GCM and CBC variants of these cipher suites or support neither of them.
Android Q introduces the following behavior changes related to app usage:
UsageStats app usage improvements -- Android Q now accurately tracks app usage with UsageStats when apps are used in split-screen or picture-in-picture mode. Additionally, Android Q can now track instant app usage.
Per-app grayscale -- Android Q can now set apps to a grayscale display mode.
Per-app distraction state -- Android Q can now selectively set apps to a "distraction state" where their notifications are suppressed and they will not appear as suggested apps.
Suspension and playback -- In Android Q, suspended apps are no longer able to play audio.
android.preference library is now deprecated
android.preference library is now deprecated. Developers should instead
use the AndroidX preference library, part of Android Jetpack. For
additional resources to aid in migration and development, check out the updated
Settings Guide along with our
public sample app and