Here’s what it means for users and developers.
With each new OS version, new things, upgrades, deprecations and changes are introduced, affecting the way we use and develop our apps. Google keeps going in the direction of more privacy, more accessibility and more control over what the apps can do to maximize security and integrity. Android 14 is no exception and here’s what I compiled on different topics that I will try to vulgarize to keep everyone on board.
Technical changes build over features and APIs already introduced in previous versions, mostly Android 12 and 13. They tend to modernize tools by catching up with some Java features and semantics, helping manufacturers and improving the developers’ IDE to embrace those changes. Due to the nature of the changes, this is the topic that has to remain…technical, sorry for that.
- Mobile screens are getting bigger with more ratios to support, we’re moving further and further away from the binary world of phone vs tablet. To ensure the best experience on this wide range of devices, Android 14 introduces the
Large Screen Compatibility Modeto help manufacturers improve the experience on their devices.
- Updates to OpenJDK17 may require a bit of attention from apps using
Regexthat are not close enough to openJDK’s new semantics, throwing exceptions when confronted to an invalid groupe reference.
- Generating a
UUIDfrom a string sees the validation become stricter and will now lead to exceptions due to deserialization issues. More than ever, it’s time to unit test UUID generation.
- A bit of additional ruling may be needed to fix Proguard issues when shrinking / obfuscating code involving the
ClassValueclass coming with
- The new
Back APIsare now strengthened by built-in animations and support for custom ones.
- Making the
ForegroundServicetype explicit is now mandatory, if the implementation was already properly done back in the Android 10 days when it was introduced, congratulations, nothing to do here.
- Foreground services are also encouraged to be migrated to user-initiated jobs. A new
RUN_USER_INITIATED_JOBSpermission is introduced and new methods on the
JobInfobuilder allow to set the
userInitiated()status along with the estimated amount of bytes the job will expect from the network. Scheduling the job is now done with the app foregrounded and the notification icon system remains the same so the user knows something is going on even if the app is backgrounded post launch.
Battery and performance
Without a single ounce of surprise, Google continues its effort to improve battery life and takes steps towards sanctioning bad actors that publish battery-draining or unstable apps. Today, not crashing is no longer enough, developers should take steps to push their app to their full potential and that means power management and performance monitoring.
- Bad behaviours like
ANRs (screen freezes)or
background crashesnow more aggressively flag the guilty apps and put them at the bottom of the priority list where apps are fighting for resources, meaning they’ll also be the first to go if the system needs some. No more filtering out
ANRsand non-fatal crashes on Crashlytics, everything matters now.
- While on the subject of fighting for resources, let’s also note that now,
context-registered broadcastsare now queued when the app is backgrounded and the system will deliver them when the app is awake or system conditions allow it.
- Another change to the cached state (aka when the app is backgrounded) impacts background tasks that can no longer be triggered unless one of the app components is awake. This change pushes devs to use framework’s
WorkManagermore as they aren’t impacted by this change.
- Still with
Jobscheduler, jobs don’t just fail silently anymore if they don’t respond in time but trigger an
ANR, it is advised to move to
WorkManagerwith its out of the box async support.
- If a job requires a special network state to be triggered, the
ACCESS_NETWORK_STATEpermission is now mandatory. Without it, a
SecurityExceptionwill be raised.
Intentskeep getting more and more headache prone as the implicit and pending intents now can only be delivered to exported components. If you need to reach an unexported component, explicit intent is your go-to solution. Note that mutable pending intents now need to specify a component or it will throw an exception.
Finding the right balance between informative presence and in-your-face nuisance has always been a challenge for notifications and it seems Google keeps pushing to make them less invasive and easier for the user to dismiss or delay them.
Fullscreen Intentnotifications that we see when our clock rings or when we receive a phone call are luckily already rarely used. They are now more restricted and available only to apps declaring
Alarmfeatures, meaning we shouldn’t see bad actors abusing this feature that would allow them to bypass the lock screen amongst other things.
foreground notificationsare now dismissible in some cases but will remain non-dismissible
- on top of the
Lock Screento prevent it from being swiped by anyone accessing a device behind the owner’s back.
- from the
Clear allfeature to prevent misclicks.
- on top of the
Privacy and security
This is, once again without surprise, where a lot of the changes happen and it is aligned with Google’s vision and goals when it comes to give users back the control of their data and permissions. Some of them seem so obvious that it’s surprising to see them in action only now. Maybe the EU pressure with GDPR starts to pay off? Maybe…
- Android 14 introduces new places where the data sharing purposes are displayed. Until now, we could only check them from the PlayStore app page.
Now, it will also be displayed in the
runtime permission popups, starting with those related to location to remind why the data is necessary and with whom it will be shared.
- It will now be impossible to install apps that don’t target at least the
API 23to prevent bad actors from exploiting security breaches discovered inside older Android versions. Be aware that installed apps won’t be removed and the system won’t warn you when starting one of those apps, maybe a new feature for Android 15?
Dynamic Code Loadingnow requires to flag the file as read-only to avoid any tampering or code injection. In any case, DCL should be avoided when possible and only trusted files should obviously be loaded this way.
- When saving a file inside the app storage, the system attributes to the file an owner id, this id being the app package name that saved it. This feature allows apps to know which file they can open without requesting the external read permission. The issue was that by querying this id, other apps could access the owner ids that weren’t them and deducting the owner’s installed apps list. To fix this, the name is now redacted, increasing again a little bit the user data protection, the list of the installed apps being considered a sensitive data by Google.
- If an app features
audio recording, it is now required to be granted the user consent to do so before each session start and therefore be able to handle permission denied scenarios.
- Zip files are also impacted as a fixed vulnerability with the
path transversal readingnow triggers an exception if some characters are found inside it. (Contains
..Or starts with
- Even though already required, the
BLUETOOTH_CONNECTpermission was not yet enforced to access the profile state, it is now the case.
- Users are no more required to grant access to all
videosto share or display a single media, Android 14 now upgrades the permission popup with an option to select only the media the app is allowed to access.
- Apps can now react to a user
screenshotevent, they can’t manipulate the content but developers can now add a callback bound to the activity lifecycle. Sensitive screens should still be protected with the secure flag.
- Starting activities from the background with a
pending intentor through another app in the foreground now requires the app to opt-in to this feature inside said activity and is no longer a default behaviour.
It is no secret that mobile devices are now owned by more and more people every year, which includes people with a range of disabilities or personalities that may make an app usage more challenging. Android 14 helps them with new and upgraded features to ease their journey with a mobile device.
- A step is taken towards low-vision users’ direction, the changes and impacts to the
font scalingshould be negligible to developers already properly using
SPas their size units but a full testing pass with the scaling enabled should be scheduled to be safe and tweak improvable screens.
- New tools inside Android studio are added to help developers handling
per-app languagemore efficiently and easily.
Grammatical Inflection APIis introduced, offering developers working on apps with gendered languages new tools. It adds a layer of complexity to the strings files by having three gender-files by gendered language. In those files are added only the strings affected by gender inflections like
Vous êtes déconnectéfor masculine,
Vous êtes déconnectéefor feminine or
La déconnection est effectivefor neutral in french. More work for developers and translators but an overall better experience for users.
All in all, Android 14 is an update faithful to the Google roadmap. Users today are very different than users 10 years ago. They care more about their data and their privacy; the Mobile ecosystem and business is also a lot more professional. It’s important for us developers to be aware of those changes in order to continuously improve the experience, be it related to our core business or simply to keep the user engaged in a safe environment.
When this article is released, Android 14 should be freshly out and developer teams hands deep in the migration tasks. I hope you enjoyed the information and see you soon for more Android related articles!