Stay organized with collections
Save and categorize content based on your preferences.
Android Advanced Protection Mode (AAPM) is a new feature aimed at enhancing the
security of Android devices for at-risk users. It functions as a single setting
that implements a set of pre-determined configurations designed to bolster
device protection. AAPM prioritizes security over some potentially diminished
functionality and usability, meaning some features might be restricted to
minimize the attack surface.
Impact
The impact towards developers is described in the following:
Functionality: AAPM operates as a single setting that activates a collection
of security configurations designed to enhance the protection of at-risk users'
devices. It will introduce changes to the behavior of certain services, which
app developers will need to address.
Signal to Subscribed Apps: Upon a user enabling AAPM, a signal will be
transmitted to all subscribed applications. This signal is a notification to
these applications to adapt to the altered behavior of the features enabled
by AAPM.
App Modifications: Developers of subscribed applications are required to
modify their apps to comply with the behavioral changes triggered by AAPM.
Examples of such modifications include:
Adjusting app logic to accommodate the disabling of 2G and WEP network
connections.
Modifying app behavior to align with the prevention of sideloading.
Adapting to the presence of forensic logging.
Adjusting functionalities related to call handling due to the blocking of
calls from unknown numbers.
Integrating with or accommodating spam protection mechanisms for links
within messaging apps.
Including additional mitigations from app developers to further protect
at-risk users.
Target Audience: Primarily, AAPM is anticipated to affect apps that
incorporate security features tailored for users with heightened security
awareness. These apps stand to benefit from automatic activation when a user
opts for AAPM.
Integrate with AAPM
In order to use the relevant APIs the following permission needs to be declared
The following APIs are from the newly introduced AdvanceProtectionManager
system service.
publicclassAdvancedProtectionManager(){// Check the current statuspublicbooleanisAdvancedProtectionEnabled();// Be alerted when status changespublicvoidregisterAdvancedProtectionCallback(Executorexecutor,Callbackcallback);publicvoidunregisterAdvancedProtectionCallback(Callbackcallback);}publicclassCallback(){// Called when advanced protection state changesvoidonAdvancedProtectionChanged(booleanenabled);}
Content and code samples on this page are subject to the licenses described in the Content License. Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
Last updated 2025-05-18 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-05-18 UTC."],[],[],null,["# Advanced Protection Mode\n\nAndroid Advanced Protection Mode (AAPM) is a new feature aimed at enhancing the\nsecurity of Android devices for at-risk users. It functions as a single setting\nthat implements a set of pre-determined configurations designed to bolster\ndevice protection. AAPM prioritizes security over some potentially diminished\nfunctionality and usability, meaning some features might be restricted to\nminimize the attack surface.\n\nImpact\n------\n\nThe impact towards developers is described in the following:\n\n- Functionality: AAPM operates as a single setting that activates a collection of security configurations designed to enhance the protection of at-risk users' devices. It will introduce changes to the behavior of certain services, which app developers will need to address.\n- Signal to Subscribed Apps: Upon a user enabling AAPM, a signal will be transmitted to all subscribed applications. This signal is a notification to these applications to adapt to the altered behavior of the features enabled by AAPM.\n- App Modifications: Developers of subscribed applications are required to modify their apps to comply with the behavioral changes triggered by AAPM. Examples of such modifications include:\n - Adjusting app logic to accommodate the disabling of 2G and WEP network connections.\n - Modifying app behavior to align with the prevention of sideloading.\n - Adapting to the presence of forensic logging.\n - Adjusting functionalities related to call handling due to the blocking of calls from unknown numbers.\n - Integrating with or accommodating spam protection mechanisms for links within messaging apps.\n - Including additional mitigations from app developers to further protect at-risk users.\n- Target Audience: Primarily, AAPM is anticipated to affect apps that incorporate security features tailored for users with heightened security awareness. These apps stand to benefit from automatic activation when a user opts for AAPM.\n\nIntegrate with AAPM\n-------------------\n\nIn order to use the relevant APIs the following permission needs to be declared \n\n \u003cuses-permission android:name=\"android.permission.QUERY_ADVANCED_PROTECTION_MODE\" /\u003e\n\nThe following APIs are from the newly introduced `AdvanceProtectionManager`\nsystem service. \n\n public class AdvancedProtectionManager() {\n // Check the current status\n public boolean isAdvancedProtectionEnabled();\n\n // Be alerted when status changes\n public void registerAdvancedProtectionCallback(Executor executor, Callback callback);\n\n public void unregisterAdvancedProtectionCallback(Callback callback);\n }\n\n public class Callback() {\n // Called when advanced protection state changes\n void onAdvancedProtectionChanged(boolean enabled);\n }\n\n| **Note:** When an application terminates, its registered callbacks are removed. Because a terminated application cannot resume and receive AAPM status changes, it's best to register callbacks during the app's initialization phase. Additionally, perform an on-demand AAPM status query during initialization to ensure you have the current state."]]
