This document enumerates the requirements that must be met in order for devices to be compatible with Android 9.
The use of “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” is per the IETF standard defined in RFC2119.
As used in this document, a “device implementer” or “implementer” is a person or organization developing a hardware/software solution running Android 9. A “device implementation” or “implementation" is the hardware/software solution so developed.
To be considered compatible with Android 9, device implementations MUST meet the requirements presented in this Compatibility Definition, including any documents incorporated via reference.
Where this definition or the software tests described in section 10 are silent, ambiguous, or incomplete, it is the responsibility of the device implementer to ensure compatibility with existing implementations.
For this reason, the Android Open Source Project is both the reference and preferred implementation of Android. Device implementers are STRONGLY RECOMMENDED to base their implementations to the greatest extent possible on the “upstream” source code available from the Android Open Source Project. While some components can hypothetically be replaced with alternate implementations, it is STRONGLY RECOMMENDED to not follow this practice, as passing the software tests will become substantially more difficult. It is the implementer’s responsibility to ensure full behavioral compatibility with the standard Android implementation, including and beyond the Compatibility Test Suite. Finally, note that certain component substitutions and modifications are explicitly forbidden by this document.
Many of the resources linked to in this document are derived directly or indirectly from the Android SDK and will be functionally identical to the information in that SDK’s documentation. In any cases where this Compatibility Definition or the Compatibility Test Suite disagrees with the SDK documentation, the SDK documentation is considered authoritative. Any technical details provided in the linked resources throughout this document are considered by inclusion to be part of this Compatibility Definition.
Section 2 contains all of the requirements that apply to a specific device type. Each subsection of Section 2 is dedicated to a specific device type.
All the other requirements, that universally apply to any Android device implementations, are listed in the sections after Section 2. These requirements are referenced as "Core Requirements" in this document.
Requirement ID is assigned for MUST requirements.
Each ID is defined as below:
The Requirement ID in Section 2 starts with the corresponding section ID that is followed by the Requirement ID described above.
While the Android Open Source Project provides a software stack that can be used for a variety of device types and form factors, there are a few device types that have a relatively better established application distribution ecosystem.
This section describes those device types, and additional requirements and recommendations applicable for each device type.
All Android device implementations that do not fit into any of the described device types MUST still meet all requirements in the other sections of this Compatibility Definition.
For the major differences in hardware configuration by device type, see the device-specific requirements that follow in this section.
An Android Handheld device refers to an Android device implementation that is typically used by holding it in the hand, such as an mp3 player, phone, or tablet.
Android device implementations are classified as a Handheld if they meet all the following criteria:
The additional requirements in the rest of this section are specific to Android Handheld device implementations.
Handheld device implementations:
If Handheld device implementations claim support for high dynamic range displays through Configuration.isScreenHdr()
, they:
EGL_EXT_gl_colorspace_bt2020_pq
, EGL_EXT_surface_SMPTE2086_metadata
, EGL_EXT_surface_CTA861_3_metadata
, VK_EXT_swapchain_colorspace
, and VK_EXT_hdr_metadata
extensions.
Handheld device implementations:
KEYCODE_BACK
) to the foreground application. These events MUST NOT be consumed by the system and CAN be triggered by outside of the Android device (e.g. external hardware keyboard connected to the Android device).
ACTION_ASSIST
on long-press of KEYCODE_MEDIA_PLAY_PAUSE
or KEYCODE_HEADSETHOOK
if the foreground activity does not handle those long-press events.
If Handheld device implementations include a 3-axis accelerometer, they:
If Handheld device implementations include a gyroscope, they:
Handheld device implementations that can make a voice call and indicate any value other than PHONE_TYPE_NONE
in getPhoneType
:
Handheld device implementations:
If Handheld device implementations include a metered connection, they:
Handheld device implementations:
ActivityManager.isLowRamDevice()
when there is less than 1GB of memory available to the kernel and userspace.
If Handheld device implementations are 32-bit:
[7.6.1/H-1-1] The memory available to the kernel and userspace MUST be at least 512MB if any of the following densities are used:
[7.6.1/H-2-1] The memory available to the kernel and userspace MUST be at least 608MB if any of the following densities are used:
[7.6.1/H-3-1] The memory available to the kernel and userspace MUST be at least 896MB if any of the following densities are used:
[7.6.1/H-4-1] The memory available to the kernel and userspace MUST be at least 1344MB if any of the following densities are used:
If Handheld device implementations are 64-bit:
[7.6.1/H-5-1] The memory available to the kernel and userspace MUST be at least 816MB if any of the following densities are used:
[7.6.1/H-6-1] The memory available to the kernel and userspace MUST be at least 944MB if any of the following densities are used:
[7.6.1/H-7-1] The memory available to the kernel and userspace MUST be at least 1280MB if any of the following densities are used:
[7.6.1/H-8-1] The memory available to the kernel and userspace MUST be at least 1824MB if any of the following densities are used:
Note that the "memory available to the kernel and userspace" above refers to the memory space provided in addition to any memory already dedicated to hardware components such as radio, video, and so on that are not under the kernel’s control on device implementations.
Handheld device implementations:
If handheld device implementations include a USB port supporting peripheral mode, they:
Handheld device implementations:
android.hardware.audio.output
.
If Handheld device implementations are capable of meeting all the performance requirements for supporting VR mode and include support for it, they:
android.hardware.vr.high_performance
feature flag.
android.service.vr.VrListenerService
that can be enabled by VR applications via android.app.Activity#setVrModeEnabled
.
Handheld device implementations MUST support the following audio encoding:
Handheld device implementations MUST support the following audio decoding:
Handheld device implementations MUST support the following video encoding and make it available to third-party applications:
Handheld device implementations MUST support the following video decoding:
Handheld device implementations:
ACTION_GET_CONTENT
, ACTION_OPEN_DOCUMENT
, ACTION_OPEN_DOCUMENT_TREE
, and ACTION_CREATE_DOCUMENT
intents as described in the SDK documents, and provide the user affordance to access the document provider data by using DocumentsProvider
API.
android.webkit.Webview
API.
Notification
and NotificationManager
API classes.
RemoteInput.Builder setChoices()
in the notification shade.
RemoteInput.Builder setChoices()
in the notification shade without additional user interaction.
RemoteInput.Builder setChoices()
in the notification shade when the user expands all notifications in the notification shade.
If Handheld device implementations support Assist action, they:
HOME
key as the designated interaction to launch the assist app as described in section 7.2.3. MUST launch the user-selected assist app, in other words the app that implements VoiceInteractionService
, or an activity handling the ACTION_ASSIST
intent.
If Android Handheld device implementations support a lock screen, they:
If Handheld device implementations support a secure lock screen, they:
android.software.managed_users
feature flag, except when the device is configured so that it would report itself as a low RAM device or so that it allocates internal (non-removable) storage as shared storage.
Handheld device implementations:
If Android handheld device implementations declare FEATURE_BLUETOOTH
or FEATURE_WIFI
support, they:
Handheld device implementations:
If Handheld device implementations include features to improve device power management that are included in AOSP or extend the features that are included in AOSP, they:
Handheld device implementations:
uid_cputime
kernel module implementation.
adb shell dumpsys batterystats
shell command to the app developer.
If Handheld device implementations include a screen or video output, they:
android.intent.action.POWER_USAGE_SUMMARY
intent and display a settings menu that shows this power usage.
Handheld device implementations:
android.permission.PACKAGE_USAGE_STATS
permission and provide a user-accessible mechanism to grant or revoke access to such apps in response to the android.settings.ACTION_USAGE_ACCESS_SETTINGS
intent.
When Handheld device implementations support a secure lock screen, they:
An Android Television device refers to an Android device implementation that is an entertainment interface for consuming digital media, movies, games, apps, and/or live TV for users sitting about ten feet away (a “lean back” or “10-foot user interface”).
Android device implementations are classified as a Television if they meet all the following criteria:
The additional requirements in the rest of this section are specific to Android Television device implementations.
Television device implementations:
KEYCODE_BACK
) to the foreground application.
android.hardware.gamepad
feature flag.
If Television device implementations include a gyroscope, they:
Television device implementations:
If Television device implementations include a USB port that supports host mode, they:
If TV device implementations are 32-bit:
[7.6.1/T-1-1] The memory available to the kernel and userspace MUST be at least 896MB if any of the following densities are used:
If TV device implementations are 64-bit:
[7.6.1/T-2-1] The memory available to the kernel and userspace MUST be at least 1280MB if any of the following densities are used:
Note that the "memory available to the kernel and userspace" above refers to the memory space provided in addition to any memory already dedicated to hardware components such as radio, video, and so on that are not under the kernel’s control on device implementations.
Television device implementations:
android.hardware.audio.output
.
Television device implementations MUST support the following audio encoding formats:
Television device implementations MUST support the following video encoding formats:
Television device implementations:
Television device implementations MUST support the following video decoding formats:
Television device implementations are STRONGLY RECOMMENDED to support the following video decoding formats:
Television device implementations MUST support H.264 decoding, as detailed in Section 5.3.4, at standard video frame rates and resolutions up to and including:
Television device implementations with H.265 hardware decoders MUST support H.265 decoding, as detailed in Section 5.3.5, at standard video frame rates and resolutions up to and including:
If Television device implementations with H.265 hardware decoders support H.265 decoding and the UHD decoding profile, they:
Television device implementations MUST support VP8 decoding, as detailed in Section 5.3.6, at standard video frame rates and resolutions up to and including:
Television device implementations with VP9 hardware decoders MUST support VP9 decoding, as detailed in Section 5.3.7, at standard video frame rates and resolutions up to and including:
If Television device implementations with VP9 hardware decoders support VP9 decoding and the UHD decoding profile, they:
Television device implementations:
If Television device implementations support UHD decoding and have support for external displays, they:
If Television device implementations do not support UHD decoding but have support for external displays, they:
Television device implementations:
android.software.leanback
and android.hardware.type.television
.
android.webkit.Webview
API.
If Android Television device implementations support a lock screen,they:
Television device implementations:
If Television device implementations report the feature android.hardware.audio.output
, they:
Television device implementations:
If Television device implementations include features to improve device power management that are included in AOSP or extend the features that are included in AOSP, they:
Television device implementations:
uid_cputime
kernel module implementation.
adb shell dumpsys batterystats
shell command to the app developer.
An Android Watch device refers to an Android device implementation intended to be worn on the body, perhaps on the wrist.
Android device implementations are classified as a Watch if they meet all the following criteria:
The additional requirements in the rest of this section are specific to Android Watch device implementations.
Watch device implementations:
[7.1.1.1/W-0-1] MUST have a screen with the physical diagonal size in the range from 1.1 to 2.5 inches.
[7.2.3/W-0-1] MUST have the Home function available to the user, and the Back function except for when it is in UI_MODE_TYPE_WATCH
.
[7.2.4/W-0-1] MUST support touchscreen input.
[7.3.1/W-SR] Are STRONGLY RECOMMENDED to include a 3-axis accelerometer.
[7.4.3/W-0-1] MUST support Bluetooth.
[7.6.1/W-0-1] MUST have at least 1 GB of non-volatile storage available for application private data (a.k.a. "/data" partition).
[7.6.1/W-0-2] MUST have at least 416 MB memory available to the kernel and userspace.
[7.8.1/W-0-1] MUST include a microphone.
[7.8.2/W] MAY but SHOULD NOT have audio output.
No additional requirements.
Watch device implementations:
android.hardware.type.watch
.
Watch device implementations:
Watch device implementations that declare the android.hardware.audio.output
feature flag:
If Watch device implementations report the feature android.hardware.audio.output, they:
[3.11/W-SR] Are STRONGLY RECOMMENDED to include a TTS engine supporting the languages available on the device.
[3.11/W-0-1] MUST support installation of third-party TTS engines.
If Watch device implementations include features to improve device power management that are included in AOSP or extend the features that are included in AOSP, they:
Watch device implementations:
uid_cputime
kernel module implementation.
adb shell dumpsys batterystats
shell command to the app developer.
Android Automotive implementation refers to a vehicle head unit running Android as an operating system for part or all of the system and/or infotainment functionality.
Android device implementations are classified as an Automotive if they declare the feature android.hardware.type.automotive
or meet all the following criteria.
The additional requirements in the rest of this section are specific to Android Automotive device implementations.
Automotive device implementations:
[7.1.1.1/A-0-2] MUST have a screen size layout of at least 750 dp x 480 dp.
[7.2.3/A-0-1] MUST provide the Home function and MAY provide Back and Recent functions.
[7.2.3/A-0-2] MUST send both the normal and long press event of the Back function (KEYCODE_BACK
) to the foreground application.
[7.3.1/A-SR] Are STRONGLY RECOMMENDED to include a 3-axis accelerometer.
If Automotive device implementations include a 3-axis accelerometer, they:
If Automotive device implementations include a GPS/GNSS receiver and report the capability to applications through the android.hardware.location.gps
feature flag:
If Automotive device implementations include a gyroscope, they:
Automotive device implementations:
SENSOR_TYPE_GEAR
.
Automotive device implementations:
SENSOR_TYPE_NIGHT
.
SENSOR_TYPE_NIGHT
flag MUST be consistent with dashboard day/night mode and SHOULD be based on ambient light sensor input.
The underlying ambient light sensor MAY be the same as Photometer.
[7.3.11.4/A-0-1] MUST provide vehicle speed as defined by SENSOR_TYPE_CAR_SPEED
.
[7.3.11.5/A-0-1] MUST provide parking brake status as defined by SENSOR_TYPE_PARKING_BRAKE
.
[7.4.3/A-0-1] MUST support Bluetooth and SHOULD support Bluetooth LE.
[7.4.3/A-SR] Are STRONGLY RECOMMENDED to support Message Access Profile (MAP).
[7.4.5/A] SHOULD include support for cellular network-based data connectivity.
[7.4.5/A] MAY use the System API NetworkCapabilities#NET_CAPABILITY_OEM_PAID
constant for networks that should be available to system apps.
[7.6.1/A-0-1] MUST have at least 4 GB of non-volatile storage available for application private data (a.k.a. "/data" partition).
Automotive device implementations:
f2fs
file-system.
If Automotive device implementations provide shared external storage via a portion of the internal non-removable storage, they:
SDCardFS
.
If Automotive device implementations are 32-bit:
[7.6.1/A-1-1] The memory available to the kernel and userspace MUST be at least 512MB if any of the following densities are used:
[7.6.1/A-1-2] The memory available to the kernel and userspace MUST be at least 608MB if any of the following densities are used:
[7.6.1/A-1-3] The memory available to the kernel and userspace MUST be at least 896MB if any of the following densities are used:
[7.6.1/A-1-4] The memory available to the kernel and userspace MUST be at least 1344MB if any of the following densities are used:
If Automotive device implementations are 64-bit:
[7.6.1/A-2-1] The memory available to the kernel and userspace MUST be at least 816MB if any of the following densities are used:
[7.6.1/A-2-2] The memory available to the kernel and userspace MUST be at least 944MB if any of the following densities are used:
[7.6.1/A-2-3] The memory available to the kernel and userspace MUST be at least 1280MB if any of the following densities are used:
[7.6.1/A-2-4] The memory available to the kernel and userspace MUST be at least 1824MB if any of the following densities are used:
Note that the "memory available to the kernel and userspace" above refers to the memory space provided in addition to any memory already dedicated to hardware components such as radio, video, and so on that are not under the kernel’s control on device implementations.
Automotive device implementations:
Automotive device implementations:
Automotive device implementations:
android.hardware.audio.output
.
Automotive device implementations MUST support the following audio encoding:
Automotive device implementations MUST support the following video encoding:
Automotive device implementations MUST support the following video decoding:
Automotive device implementations are STRONGLY RECOMMENDED to support the following video decoding:
Automotive device implementations:
[3/A-0-1] MUST declare the feature android.hardware.type.automotive
.
[3/A-0-2] MUST support uiMode = UI_MODE_TYPE_CAR
.
[3/A-0-3] MUST support all public APIs in the android.car.*
namespace.
[3.4.1/A-0-1] MUST provide a complete implementation of the android.webkit.Webview
API.
[3.8.3/A-0-1] MUST display notifications that use the Notification.CarExtender
API when requested by third-party applications.
[3.8.4/A-0-1] MUST implement an assistant on the device that provides a default implementation of the VoiceInteractionSession
service.
[3.13/A-SR] Are STRONGLY RECOMMENDED to include a Quick Settings UI component.
If Automotive device implementations include a push-to-talk button, they:
VoiceInteractionService
.
Automotive device implementations:
If Automotive device implementations include features to improve device power management that are included in AOSP or extend the features that are included in AOSP, they:
Automotive device implementations:
android.car.storagemonitoring.CarStorageMonitoringManager
. The Android Open Source Project meets the requirement through the uid_sys_stats
kernel module.
uid_cputime
kernel module implementation.
adb shell dumpsys batterystats
shell command to the app developer.
If Automotive device implementations support multiple users, they:
If Automotive device implementations support a secure lock screen, they:
Automotive device implementations:
An Android Tablet device refers to an Android device implementation that is typically used by holding in both hands and not in a clamshell form-factor.
Android device implementations are classified as a Tablet if they meet all the following criteria:
Tablet device implementations have similar requirements to handheld device implementations. The exceptions are in indicated by an * in that section and noted for reference in this section.
Screen Size
Minimum Memory and Storage (Section 7.6.1)
The screen densities listed for small/normal screens in the handheld requirements are not applicable to tablets.
USB peripheral mode (Section 7.7.1)
If tablet device implementations include a USB port supporting peripheral mode, they:
Virtual Reality Mode (Section 7.9.1)
Virtual Reality High Performance (Section 7.9.2)
Virtual reality requirements are not applicable to tablets.
The managed Dalvik bytecode execution environment is the primary vehicle for Android applications. The Android application programming interface (API) is the set of Android platform interfaces exposed to applications running in the managed runtime environment.
Device implementations:
[C-0-1] MUST provide complete implementations, including all documented behaviors, of any documented API exposed by the Android SDK or any API decorated with the “@SystemApi” marker in the upstream Android source code.
[C-0-2] MUST support/preserve all classes, methods, and associated elements marked by the TestApi annotation (@TestApi).
[C-0-3] MUST NOT omit any managed APIs, alter API interfaces or signatures, deviate from the documented behavior, or include no-ops, except where specifically allowed by this Compatibility Definition.
[C-0-4] MUST still keep the APIs present and behave in a reasonable way, even when some hardware features for which Android includes APIs are omitted. See section 7 for specific requirements for this scenario.
[C-0-5] MUST restrict the use of 3rd-party app usage of hidden APIs, defined as APIs in the android namespace decorated with the @hidden
annotation but not with a @SystemAPI
or @TestApi
, as described in the SDK documents and ship with each and every hidden API on the same restricted lists as provided via the light-greylist, dark-greylist, and blacklist files in the prebuilts/runtime/appcompat/
path for the appropriate API level branch in the AOSP. However they:
Android includes the support of extending the managed APIs while keeping the same API level version.
ExtShared
and services ExtServices
with versions higher than or equal to the minimum versions allowed per each API level. For example, Android 7.0 device implementations, running API level 24 MUST include at least version 1.
Due to Apache HTTP client deprecation, device implementations:
org.apache.http.legacy
library in the bootclasspath.
org.apache.http.legacy
library to the application classpath only when the app satisfies one of the following conditions:
android:name
attribute of <uses-library>
to org.apache.http.legacy
.
The AOSP implementation meets these requirements.
In addition to the managed APIs from section 3.1, Android also includes a significant runtime-only “soft” API, in the form of such things as intents, permissions, and similar aspects of Android applications that cannot be enforced at application compile time.
The Android APIs include a number of constants on the android.os.Build class that are intended to describe the current device.
Parameter | Details |
---|---|
VERSION.RELEASE | The version of the currently-executing Android system, in human-readable format. This field MUST have one of the string values defined in 9. |
VERSION.SDK | The version of the currently-executing Android system, in a format accessible to third-party application code. For Android 9, this field MUST have the integer value 9_INT. |
VERSION.SDK_INT | The version of the currently-executing Android system, in a format accessible to third-party application code. For Android 9, this field MUST have the integer value 9_INT. |
VERSION.INCREMENTAL | A value chosen by the device implementer designating the specific build of the currently-executing Android system, in human-readable format. This value MUST NOT be reused for different builds made available to end users. A typical use of this field is to indicate which build number or source-control change identifier was used to generate the build. There are no requirements on the specific format of this field, except that it MUST NOT be null or the empty string (""). |
BOARD | A value chosen by the device implementer identifying the specific internal hardware used by the device, in human-readable format. A possible use of this field is to indicate the specific revision of the board powering the device. The value of this field MUST be encodable as 7-bit ASCII and match the regular expression “^[a-zA-Z0-9_-]+$”. |
BRAND | A value reflecting the brand name associated with the device as known to the end users. MUST be in human-readable format and SHOULD represent the manufacturer of the device or the company brand under which the device is marketed. The value of this field MUST be encodable as 7-bit ASCII and match the regular expression “^[a-zA-Z0-9_-]+$”. |
SUPPORTED_ABIS | The name of the instruction set (CPU type + ABI convention) of native code. See section 3.3. Native API Compatibility. |
SUPPORTED_32_BIT_ABIS | The name of the instruction set (CPU type + ABI convention) of native code. See section 3.3. Native API Compatibility. |
SUPPORTED_64_BIT_ABIS | The name of the second instruction set (CPU type + ABI convention) of native code. See section 3.3. Native API Compatibility. |
CPU_ABI | The name of the instruction set (CPU type + ABI convention) of native code. See section 3.3. Native API Compatibility. |
CPU_ABI2 | The name of the second instruction set (CPU type + ABI convention) of native code. See section 3.3. Native API Compatibility. |
DEVICE | A value chosen by the device implementer containing the development name or code name identifying the configuration of the hardware features and industrial design of the device. The value of this field MUST be encodable as 7-bit ASCII and match the regular expression “^[a-zA-Z0-9_-]+$”. This device name MUST NOT change during the lifetime of the product. |
FINGERPRINT |
A string that uniquely identifies this build. It SHOULD be reasonably human-readable. It MUST follow this template:
$(BRAND)/$(PRODUCT)/ For example:
acme/myproduct/ The fingerprint MUST NOT include whitespace characters. If other fields included in the template above have whitespace characters, they MUST be replaced in the build fingerprint with another character, such as the underscore ("_") character. The value of this field MUST be encodable as 7-bit ASCII. |
HARDWARE | The name of the hardware (from the kernel command line or /proc). It SHOULD be reasonably human-readable. The value of this field MUST be encodable as 7-bit ASCII and match the regular expression “^[a-zA-Z0-9_-]+$”. |
HOST | A string that uniquely identifies the host the build was built on, in human-readable format. There are no requirements on the specific format of this field, except that it MUST NOT be null or the empty string (""). |
ID | An identifier chosen by the device implementer to refer to a specific release, in human-readable format. This field can be the same as android.os.Build.VERSION.INCREMENTAL, but SHOULD be a value sufficiently meaningful for end users to distinguish between software builds. The value of this field MUST be encodable as 7-bit ASCII and match the regular expression “^[a-zA-Z0-9._-]+$”. |
MANUFACTURER | The trade name of the Original Equipment Manufacturer (OEM) of the product. There are no requirements on the specific format of this field, except that it MUST NOT be null or the empty string (""). This field MUST NOT change during the lifetime of the product. |
MODEL | A value chosen by the device implementer containing the name of the device as known to the end user. This SHOULD be the same name under which the device is marketed and sold to end users. There are no requirements on the specific format of this field, except that it MUST NOT be null or the empty string (""). This field MUST NOT change during the lifetime of the product. |
PRODUCT | A value chosen by the device implementer containing the development name or code name of the specific product (SKU) that MUST be unique within the same brand. MUST be human-readable, but is not necessarily intended for view by end users. The value of this field MUST be encodable as 7-bit ASCII and match the regular expression “^[a-zA-Z0-9_-]+$”. This product name MUST NOT change during the lifetime of the product. |
SERIAL | MUST return "UNKNOWN". |
TAGS | A comma-separated list of tags chosen by the device implementer that further distinguishes the build. This field MUST have one of the values corresponding to the three typical Android platform signing configurations: release-keys, dev-keys, test-keys. |
TIME | A value representing the timestamp of when the build occurred. |
TYPE | A value chosen by the device implementer specifying the runtime configuration of the build. This field MUST have one of the values corresponding to the three typical Android runtime configurations: user, userdebug, or eng. |
USER | A name or user ID of the user (or automated user) that generated the build. There are no requirements on the specific format of this field, except that it MUST NOT be null or the empty string (""). |
SECURITY_PATCH | A value indicating the security patch level of a build. It MUST signify that the build is not in any way vulnerable to any of the issues described up through the designated Android Public Security Bulletin. It MUST be in the format [YYYY-MM-DD], matching a defined string documented in the Android Public Security Bulletin or in the Android Security Advisory, for example "2015-11-01". |
BASE_OS | A value representing the FINGERPRINT parameter of the build that is otherwise identical to this build except for the patches provided in the Android Public Security Bulletin. It MUST report the correct value and if such a build does not exist, report an empty string (""). |
BOOTLOADER | A value chosen by the device implementer identifying the specific internal bootloader version used in the device, in human-readable format. The value of this field MUST be encodable as 7-bit ASCII and match the regular expression “^[a-zA-Z0-9._-]+$”. |
getRadioVersion() | MUST (be or return) a value chosen by the device implementer identifying the specific internal radio/modem version used in the device, in human-readable format. If a device does not have any internal radio/modem it MUST return NULL. The value of this field MUST be encodable as 7-bit ASCII and match the regular expression “^[a-zA-Z0-9._-,]+$”. |
getSerial() | MUST (be or return) a hardware serial number, which MUST be available and unique across devices with the same MODEL and MANUFACTURER. The value of this field MUST be encodable as 7-bit ASCII and match the regular expression “^[a-zA-Z0-9._-,]+$”. |
Android intents allow application components to request functionality from other Android components. The Android upstream project includes a list of applications considered core Android applications, which implements several intent patterns to perform common actions.
[C-0-1] Device implementations MUST preload one or more applications or service components with an intent handler, for all the public intent filter patterns defined by the following core android applications in AOSP:
[C-0-1] As Android is an extensible platform, device implementations MUST allow each intent pattern referenced in section 3.2.3.1 , except for Settings, to be overridden by third-party applications. The upstream Android open source implementation allows this by default.
[C-0-2] Dvice implementers MUST NOT attach special privileges to system applications' use of these intent patterns, or prevent third-party applications from binding to and assuming control of these patterns. This prohibition specifically includes but is not limited to disabling the “Chooser” user interface that allows the user to select between multiple applications that all handle the same intent pattern.
[C-0-3] Device implementations MUST provide a user interface for users to modify the default activity for intents.
However, device implementations MAY provide default activities for specific URI patterns (e.g. http://play.google.com) when the default activity provides a more specific attribute for the data URI. For example, an intent filter pattern specifying the data URI “http://www.android.com” is more specific than the browser's core intent pattern for “http://”.
Android also includes a mechanism for third-party apps to declare an authoritative default app linking behavior for certain types of web URI intents. When such authoritative declarations are defined in an app's intent filter patterns, device implementations:
Third-party applications rely on the platform to broadcast certain intents to notify them of changes in the hardware or software environment.
Device implementations:
Android includes settings that provide users an easy way to select their default applications, for example for Home screen or SMS.
Where it makes sense, device implementations MUST provide a similar settings menu and be compatible with the intent filter pattern and API methods described in the SDK documentation as below.
If device implementations report android.software.home_screen
, they:
android.settings.HOME_SETTINGS
intent to show a default app settings menu for Home Screen.
If device implementations report android.hardware.telephony
, they:
[C-2-1] MUST provide a settings menu that will call the android.provider.Telephony.ACTION_CHANGE_DEFAULT
intent to show a dialog to change the default SMS application.
[C-2-2] MUST honor the android.telecom.action.CHANGE_DEFAULT_DIALER
intent to show a dialog to allow the user to change the default Phone application.
[C-2-3] MUST honor the android.telecom.action.CHANGE_PHONE_ACCOUNTS intent to provide user affordance to configure the ConnectionServices
associated with the PhoneAccounts
, as well as a default PhoneAccount that the telecommunications service provider will use to place outgoing calls. The AOSP implementation meets this requirement by including a "Calling Accounts option" menu within the "Calls" settings menu.
If device implementations report android.hardware.nfc.hce
, they:
If device implementations support the VoiceInteractionService
and have more than one application using this API installed at a time, they:
android.settings.ACTION_VOICE_INPUT_SETTINGS
intent to show a default app settings menu for voice input and assist.
If device implementations allow launching normal Android Activities on secondary displays, they:
android.software.activities_on_secondary_displays
feature flag.
ActivityOptions.setLaunchDisplayId()
API.
Display.FLAG_PRIVATE
flag is removed.
VirtualDisplay
if the display itself is resized.
android.content.res.Configuration
which corresponds to that display in order to be displayed, operate correctly, and maintain compatibility if an activity is launched on secondary display.
If device implementations allow launching normal Android Activities on secondary displays and primary and secondary displays have different android.util.DisplayMetrics:
resizeableActivity=false
in AndroidManifest.xml
) and apps targeting API level 23 or lower MUST NOT be allowed on secondary displays.
If device implementations allow launching normal Android Activities on secondary displays and a secondary display has the android.view.Display.FLAG_PRIVATE flag:
Native code compatibility is challenging. For this reason, device implementers are:
Managed Dalvik bytecode can call into native code provided in the application .apk
file as an ELF .so
file compiled for the appropriate device hardware architecture. As native code is highly dependent on the underlying processor technology, Android defines a number of Application Binary Interfaces (ABIs) in the Android NDK.
Device implementations:
android.os.Build.SUPPORTED_ABIS
, android.os.Build.SUPPORTED_32_BIT_ABIS
, and android.os.Build.SUPPORTED_64_BIT_ABIS
parameters, each a comma separated list of ABIs ordered from the most to the least preferred one.
[C-0-6] MUST report, via the above parameters, a subset of the following list of ABIs and MUST NOT report any ABI not on the list.
armeabi
armeabi-v7a
arm64-v8a
x86
x86-64
[C-0-7] MUST make all the following libraries, providing native APIs, available to apps that include native code:
libaaudio.so (AAudio native audio support)
[C-0-8] MUST NOT add or remove the public functions for the native libraries listed above.
/vendor/etc/public.libraries.txt
.
libGLESv3.so
library. Note that while all the symbols MUST be present, section 7.1.4.1 describes in more detail the requirements for when the full implementation of each corresponding functions are expected.
VK_KHR_surface
, VK_KHR_android_surface
, VK_KHR_swapchain
, VK_KHR_maintenance1
, and VK_KHR_get_physical_device_properties2
extensions through the libvulkan.so
library. Note that while all the symbols MUST be present, section 7.1.4.2 describes in more detail the requirements for when the full implementation of each corresponding functions are expected.
Note that future releases of Android may introduce support for additional ABIs.
If device implementations report the support of the armeabi
ABI, they:
armeabi-v7a
and report its support, as armeabi
is only for backwards compatibility with older apps.
If device implementations report the support of the armeabi-v7a
ABI, for apps using this ABI, they:
[C-2-1] MUST include the following lines in /proc/cpuinfo
, and SHOULD NOT alter the values on the same device, even when they are read by other ABIs.
Features:
, followed by a list of any optional ARMv7 CPU features supported by the device.
CPU architecture:
, followed by an integer describing the device's highest supported ARM architecture (e.g., "8" for ARMv8 devices).
[C-2-2] MUST always keep the following operations available, even in the case where the ABI is implemented on an ARMv8 architecture, either through native CPU support or through software emulation:
[C-2-3] MUST include support for the Advanced SIMD (a.k.a. NEON) extension.
If device implementations provide a complete implementation of the android.webkit.Webview
API, they:
android.software.webview
.
android.webkit.WebView
API.
[C-1-3] The user agent string reported by the WebView MUST be in this format:
Mozilla/5.0 (Linux; Android $(VERSION); $(MODEL) Build/$(BUILD); wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 $(CHROMIUM_VER) Mobile Safari/537.36
The WebView component SHOULD include support for as many HTML5 features as possible and if it supports the feature SHOULD conform to the HTML5 specification.
If device implementations include a standalone Browser application for general web browsing, they:
However, If device implementations do not include a standalone Browser application, they:
Device implementations:
The behaviors of each of the API types (managed, soft, native, and web) must be consistent with the preferred implementation of the upstream Android Open Source Project. Some specific areas of compatibility are:
GnssMeasurement
and GnssNavigationMessage
.
LocationManager
API class or the WifiManager.startScan()
method.
"signature"
or "signatureOrSystem"
protectionLevel
permission or are on the exemption list .
stopSelf()
method, unless the app is placed on a temporary whitelist to handle a task that's visible to the user.
Security.getProviders()
method, in the given order and with the given names (as returned by Provider.getName()
) and classes, unless the app has modified the list via insertProviderAt()
or removeProvider()
. Devices MAY return additional providers after the specified list of providers below.
android.security.net.config.NetworkSecurityConfigProvider
com.android.org.conscrypt.OpenSSLProvider
sun.security.provider.CertPathProvider
android.security.keystore.AndroidKeyStoreBCWorkaroundProvider
com.android.org.bouncycastle.jce.provider.BouncyCastleProvider
com.android.org.conscrypt.JSSEProvider
android.security.keystore.AndroidKeyStoreProvider
The above list is not comprehensive. The Compatibility Test Suite (CTS) tests significant portions of the platform for behavioral compatibility, but not all. It is the responsibility of the implementer to ensure behavioral compatibility with the Android Open Source Project. For this reason, device implementers SHOULD use the source code available via the Android Open Source Project where possible, rather than re-implement significant parts of the system.
If device implementations implement the app restrictions that are included in AOSP or extend the app restrictions, they:
true
for ActivityManager.isBackgroundRestricted()
when the restricted app calls this API.
UsageStats
. If device implementations extend the app restrictions that are implemented in AOSP, MUST follow the implementation described in this document.
Android follows the package and class namespace conventions defined by the Java programming language. To ensure compatibility with third-party applications, device implementers MUST NOT make any prohibited modifications (see below) to these package namespaces:
java.*
javax.*
sun.*
android.*
androidx.*
com.android.*
That is, they:
Device implementers MAY modify the underlying implementation of the APIs, but such modifications:
However, device implementers MAY add custom APIs outside the standard Android namespace, but the custom APIs:
com.google.*
or similar namespace: only Google may do so. Similarly, Google MUST NOT add APIs to other companies' namespaces.
If a device implementer proposes to improve one of the package namespaces above (such as by adding useful new functionality to an existing API, or adding a new API), the implementer SHOULD visit source.android.com and begin the process for contributing changes and code, according to the information on that site.
Note that the restrictions above correspond to standard conventions for naming APIs in the Java programming language; this section simply aims to reinforce those conventions and make them binding through inclusion in this Compatibility Definition.
Device implementations:
[C-0-1] MUST support the full Dalvik Executable (DEX) format and Dalvik bytecode specification and semantics.
[C-0-2] MUST configure Dalvik runtimes to allocate memory in accordance with the upstream Android platform, and as specified by the following table. (See section 7.1.1 for screen size and screen density definitions.)
SHOULD use Android RunTime (ART), the reference upstream implementation of the Dalvik Executable Format, and the reference implementation’s package management system.
SHOULD run fuzz tests under various modes of execution and target architectures to assure the stability of the runtime. Refer to JFuzz and DexFuzz in the Android Open Source Project website.
Note that memory values specified below are considered minimum values and device implementations MAY allocate more memory per application.
Screen Layout | Screen Density | Minimum Application Memory |
---|---|---|
Android Watch | 120 dpi (ldpi) | 32MB |
160 dpi (mdpi) | ||
213 dpi (tvdpi) | ||
240 dpi (hdpi) | 36MB | |
280 dpi (280dpi) | ||
320 dpi (xhdpi) | 48MB | |
360 dpi (360dpi) | ||
400 dpi (400dpi) | 56MB | |
420 dpi (420dpi) | 64MB | |
480 dpi (xxhdpi) | 88MB | |
560 dpi (560dpi) | 112MB | |
640 dpi (xxxhdpi) | 154MB | |
small/normal | 120 dpi (ldpi) | 32MB |
160 dpi (mdpi) | ||
213 dpi (tvdpi) | 48MB | |
240 dpi (hdpi) | ||
280 dpi (280dpi) | ||
320 dpi (xhdpi) | 80MB | |
360 dpi (360dpi) | ||
400 dpi (400dpi) | 96MB | |
420 dpi (420dpi) | 112MB | |
480 dpi (xxhdpi) | 128MB | |
560 dpi (560dpi) | 192MB | |
640 dpi (xxxhdpi) | 256MB | |
large | 120 dpi (ldpi) | 32MB |
160 dpi (mdpi) | 48MB | |
213 dpi (tvdpi) | 80MB | |
240 dpi (hdpi) | ||
280 dpi (280dpi) | 96MB | |
320 dpi (xhdpi) | 128MB | |
360 dpi (360dpi) | 160MB | |
400 dpi (400dpi) | 192MB | |
420 dpi (420dpi) | 228MB | |
480 dpi (xxhdpi) | 256MB | |
560 dpi (560dpi) | 384MB | |
640 dpi (xxxhdpi) | 512MB | |
xlarge | 120 dpi (ldpi) | 48MB |
160 dpi (mdpi) | 80MB | |
213 dpi (tvdpi) | 96MB | |
240 dpi (hdpi) | ||
280 dpi (280dpi) | 144MB | |
320 dpi (xhdpi) | 192MB | |
360 dpi (360dpi) | 240MB | |
400 dpi (400dpi) | 288MB | |
420 dpi (420dpi) | 336MB | |
480 dpi (xxhdpi) | 384MB | |
560 dpi (560dpi) | 576MB | |
640 dpi (xxxhdpi) | 768MB |
Android includes a launcher application (home screen) and support for third-party applications to replace the device launcher (home screen).
If device implementations allow third-party applications to replace the device home screen, they:
android.software.home_screen
.
AdaptiveIconDrawable
object when the third party application use <adaptive-icon>
tag to provide their icon, and the PackageManager
methods to retrieve icons are called.
If device implementations include a default launcher that supports in-app pinning of shortcuts, they:
true
for ShortcutManager.isRequestPinShortcutSupported()
.
ShortcutManager.requestPinShortcut()
API method.
Conversely, if device implementations do not support in-app pinning of shortcuts, they:
false
for ShortcutManager.isRequestPinShortcutSupported()
.
If device implementations implement a default launcher that provides quick access to the additional shortcuts provided by third-party apps through the ShortcutManager API, they:
ShortcutManager
API class.
If device implementations include a default launcher app that shows badges for the app icons, they:
NotificationChannel.setShowBadge()
API method. In other words, show a visual affordance associated with the app icon if the value is set as true
, and do not show any app icon badging scheme when all of the app's notification channels have set the value as false
.
Notification.Builder.setNumber()
and the Notification.Builder.setBadgeIconType()
API.
Android supports third-party app widgets by defining a component type and corresponding API and lifecycle that allows applications to expose an “AppWidget” to the end user.
If device implementations support third-party app widgets, they:
android.software.app_widgets
.
If device implementations support third-party app widgets and in-app pinning of shortcuts, they:
true
for AppWidgetManager.html.isRequestPinAppWidgetSupported()
.
AppWidgetManager.requestPinAppWidget()
API method.
Android includes Notification
and NotificationManager
APIs that allow third-party app developers to notify users of notable events and attract users' attention using the hardware components (e.g. sound, vibration and light) and software features (e.g. notification shade, system bar) of the device.
If device implementations allow third party apps to notify users of notable events, they:
If device implementations support rich notifications, they:
Notification.Style
API class and its subclasses for the presented resource elements.
Notification.Style
API class and its subclasses.
If device implementation support heads-up notifications: they:
Notification.Builder
API class when heads-up notifications are presented.
Notification.Builder.addAction()
together with the notification content without additional user interaction as described in the SDK.
Android includes the NotificationListenerService
APIs that allow apps (once explicitly enabled by the user) to receive a copy of all notifications as they are posted or updated.
If device implementations report the feature flag android.hardware.ram.normal
, they:
snoozeNotification()
API call, and dismiss the notification and make a callback after the snooze duration that is set in the API call.
If device implementations have a user affordance to snooze notifications, they:
NotificationListenerService.getSnoozedNotifications()
.
If device implementations support the DND feature, they:
suppressedVisualEffects
values passed along the NotificationManager.Policy
and if an app has set any of the SUPPRESSED_EFFECT_SCREEN_OFF or SUPPRESSED_EFFECT_SCREEN_ON flags, it SHOULD indicate to the user that the visual effects are suppressed in the DND settings menu.
Android includes APIs that allow developers to incorporate search into their applications and expose their application’s data into the global system search. Generally speaking, this functionality consists of a single, system-wide user interface that allows users to enter queries, displays suggestions as users type, and displays results. The Android APIs allow developers to reuse this interface to provide search within their own apps and allow developers to supply results to the common global search user interface.
If device implementations implement the global search interface, they:
If no third-party applications are installed that make use of the global search:
Android also includes the Assist APIs to allow applications to elect how much information of the current context is shared with the assistant on the device.
If device implementations support the Assist action, they:
VoiceInteractionService
, or an activity handling the ACTION_ASSIST
intent.
Applications can use the Toast
API to display short non-modal strings to the end user that disappear after a brief period of time, and use the TYPE_APPLICATION_OVERLAY
window type API to display alert windows as an overlay over other apps.
If device implementations include a screen or video output, they:
[C-1-1] MUST provide a user affordance to block an app from displaying alert windows that use the TYPE_APPLICATION_OVERLAY
. The AOSP implementation meets this requirement by having controls in the notification shade.
[C-1-2] MUST honor the Toast API and display Toasts from applications to end users in some highly visible manner.
Android provides “themes” as a mechanism for applications to apply styles across an entire Activity or application.
Android includes a “Holo” and "Material" theme family as a set of defined styles for application developers to use if they want to match the Holo theme look and feel as defined by the Android SDK.
If device implementations include a screen or video output, they:
Android also includes a “Device Default” theme family as a set of defined styles for application developers to use if they want to match the look and feel of the device theme as defined by the device implementer.
Android supports a variant theme with translucent system bars, which allows application developers to fill the area behind the status and navigation bar with their app content. To enable a consistent developer experience in this configuration, it is important the status bar icon style is maintained across different device implementations.
If device implementations include a system status bar, they:
Android defines a component type and corresponding API and lifecycle that allows applications to expose one or more “Live Wallpapers” to the end user. Live wallpapers are animations, patterns, or similar images with limited input capabilities that display as a wallpaper, behind other applications.
Hardware is considered capable of reliably running live wallpapers if it can run all live wallpapers, with no limitations on functionality, at a reasonable frame rate with no adverse effects on other applications. If limitations in the hardware cause wallpapers and/or applications to crash, malfunction, consume excessive CPU or battery power, or run at unacceptably low frame rates, the hardware is considered incapable of running live wallpaper. As an example, some live wallpapers may use an OpenGL 2.0 or 3.x context to render their content. Live wallpaper will not run reliably on hardware that does not support multiple OpenGL contexts because the live wallpaper use of an OpenGL context may conflict with other applications that also use an OpenGL context.
If device implementations implement live wallpapers, they:
The upstream Android source code includes the overview screen, a system-level user interface for task switching and displaying recently accessed activities and tasks using a thumbnail image of the application’s graphical state at the moment the user last left the application.
Device implementations including the recents function navigation key as detailed in section 7.2.3 MAY alter the interface.
If device implementations including the recents function navigation key as detailed in section 7.2.3 alter the interface, they:
Android includes support for Input Management and support for third-party input method editors.
If device implementations allow users to use third-party input methods on the device, they:
If device implementations declare the android.software.autofill
feature flag, they:
AutofillService
and AutofillManager
APIs and honor the android.settings.REQUEST_SET_AUTOFILL_SERVICE
intent to show a default app settings menu to enable and disable autofill and change the default autofill service for the user.
The Remote Control Client API is deprecated from Android 5.0 in favor of the Media Notification Template that allows media applications to integrate with playback controls that are displayed on the lock screen.
Android includes support for interactivescreensavers, previously referred to as Dreams. Screen savers allow users to interact with applications when a device connected to a power source is idle or docked in a desk dock. Android Watch devices MAY implement screen savers, but other types of device implementations SHOULD include support for screen savers and provide a settings option for users to configure screen savers in response to the android.settings.DREAM_SETTINGS
intent.
If device implementations include a hardware sensor (e.g. GPS) that is capable of providing the location coordinates, they
Android includes support for the emoji characters defined in Unicode 10.0.
If device implementations include a screen or video output, they:
If device implementations include an IME, they:
If device implementations have the capability to display multiple activities at the same time, they:
AndroidManifest.xml
file, either explicitly via setting the android:resizeableActivity
attribute to true
or implicitly by having the targetSdkVersion > 24. Apps that explicitly set this attribute to false
in their manifest MUST NOT be launched in multi-window mode. Older apps with targetSdkVersion < 24 that did not set this android:resizeableActivity
attribute MAY be launched in multi-window mode, but the system MUST provide warning that the app may not work as expected in multi-window mode.
xlarge
SHOULD support freeform mode.
If device implementations support multi-window mode(s), and the split screen mode, they:
AndroidManifestLayout_minWidth
and AndroidManifestLayout_minHeight
values of the third-party launcher application and not override these values in the course of showing some content of the docked activity.
If device implementations support multi-window mode(s) and Picture-in-Picture multi-window mode, they:
android:supportsPictureInPicture
* Targeting API level 25 or lower and declares both android:resizeableActivity
and android:supportsPictureInPicture
.
setActions()
API.
setAspectRatio()
API.
KeyEvent.KEYCODE_WINDOW
to control the PIP window; if PIP mode is not implemented, the key MUST be available to the foreground activity.
Configuration.uiMode
is configured as UI_MODE_TYPE_TELEVISION
.
Android supports a Display Cutout as described in the SDK document. The DisplayCutout
API defines an area on the edge of the display that is not functional for displaying content.
If device implementations include display cutout(s), they:
WindowManager.LayoutParams
API as described in the SDK.
DisplayCutout
API.
Android includes features that allow security-aware applications to perform device administration functions at the system level, such as enforcing password policies or performing remote wipe, through the Android Device Administration API.
If device implementations implement the full range of device administration policies defined in the Android SDK documentation, they:
android.software.device_admin
.
If device implementations declare android.software.device_admin
, they:
true
for DevicePolicyManager.isProvisioningAllowed(ACTION_PROVISION_MANAGED_DEVICE)
.
android.app.action.PROVISION_MANAGED_DEVICE
.
android.hardware.nfc
and receives an NFC message containing a record with MIME type MIME_TYPE_PROVISIONING_NFC
.
false
for the DevicePolicyManager.isProvisioningAllowed(ACTION_PROVISION_MANAGED_DEVICE)
.
If device implementations declare android.software.device_admin
, but also include a proprietary Device Owner management solution and provide a mechanism to promote an application configured in their solution as a "Device Owner equivalent" to the standard "Device Owner" as recognized by the standard Android DevicePolicyManager APIs, they:
android.app.action.PROVISION_MANAGED_DEVICE
prior to enrolling the DPC application as "Device Owner".
If device implementations declare android.software.managed_users
, they:
[C-1-1] MUST implement the APIs allowing a Device Policy Controller (DPC) application to become the owner of a new Managed Profile.
[C-1-2] The managed profile provisioning process (the flow initiated by android.app.action.PROVISION_MANAGED_PROFILE) users experience MUST align with the AOSP implementation.
[C-1-3] MUST provide the following user affordances within the Settings to indicate to the user when a particular system function has been disabled by the Device Policy Controller (DPC):
setShortSupportMessage
.
If device implementations declare android.software.managed_users
, they:
android.app.admin.DevicePolicyManager
APIs.
DevicePolicyManager.ACTION_SET_NEW_PASSWORD
intent and show an interface to configure a separate lock screen credential for the managed profile.
DevicePolicyManager
instance returned by getParentProfileInstance.
If device implementations declare android.software.managed_users
, they:
isLogoutEnabled
returns true
. The user affordance MUST be accessible from the lockscreen without unlocking the device.
Android provides an accessibility layer that helps users with disabilities to navigate their devices more easily. In addition, Android provides platform APIs that enable accessibility service implementations to receive callbacks for user and system events and generate alternate feedback mechanisms, such as text-to-speech, haptic feedback, and trackball/d-pad navigation.
If device implementations support third-party accessibility services, they:
AccessibilityEvent
to all registered AccessibilityService
implementations as documented in the SDK.
android.settings.ACCESSIBILITY_SETTINGS
intent to provide a user-accessible mechanism to enable and disable the third-party accessibility services alongside the preloaded accessibility services.
AccessibilityServiceInfo.FLAG_REQUEST_ACCESSIBILITY_BUTTON
. Note that for device implementations with no system navigation bar, this requirement is not applicable, but device implementations SHOULD provide a user affordance to control these accessibility services.
If device implementations include preloaded accessibility services, they:
Android includes APIs that allow applications to make use of text-to-speech (TTS) services and allows service providers to provide implementations of TTS services.
If device implementations reporting the feature android.hardware.audio.output, they:
If device implementations support installation of third-party TTS engines, they:
The Android Television Input Framework (TIF) simplifies the delivery of live content to Android Television devices. TIF provides a standard API to create input modules that control Android Television devices.
If device implementations support TIF, they:
android.software.live_tv
.
Android provides a Quick Settings UI component that allows quick access to frequently used or urgently needed actions.
If device implementations include a Quick Settings UI component, they:
quicksettings
APIs from a third-party app.
If device implementations include the UI framework that supports third-party apps that depend on MediaBrowser
and MediaSession
, they:
KEYCODE_HEADSETHOOK
or KEYCODE_MEDIA_PLAY_PAUSE
as KEYCODE_MEDIA_NEXT
for MediaSession.Callback#onMediaButtonEvent
.
Device implementations MUST satisfy the following requirements:
android:protectionLevel
set to "instant"
.
Android includes support for companion device pairing to more effectively manage association with companion devices and provides the CompanionDeviceManager
API for apps to access this feature.
If device implementations support the companion device pairing feature, they:
FEATURE_COMPANION_DEVICE_SETUP
.
android.companion
package is fully implemented.
If device implementations declare the feature FEATURE_CANT_SAVE_STATE
, then they:
cantSaveState
running in the system at a time. If the user leaves such an app without explicitly exiting it (for example by pressing home while leaving an active activity the system, instead of pressing back with no remaining active activities in the system), then device implementations MUST prioritize that app in RAM as they do for other things that are expected to remain running, such as foreground services. While such an app is in the background, the system can still apply power management features to it, such as limiting CPU and network access.
cantSaveState
attribute.
cantSaveState
, such as changing CPU performance or changing scheduling prioritization.
If device implementations don't declare the feature FEATURE_CANT_SAVE_STATE
, then they:
cantSaveState
attribute set by apps and MUST NOT change the app behavior based on that attribute.
Devices implementations:
Device implementations:
[C-0-4] MUST NOT allow apps other than the current "installer of record" for the package to silently uninstall the app without any user confirmation, as documented in the SDK for the DELETE_PACKAGE
permission. The only exceptions are the system package verifier app handling PACKAGE_NEEDS_VERIFICATION intent and the storage manager app handling ACTION_MANAGE_STORAGE intent.
[C-0-5] MUST have an activity that handles the android.settings.MANAGE_UNKNOWN_APP_SOURCES
intent.
[C-0-6] MUST NOT install application packages from unknown sources, unless the app that requests the installation meets all the following requirements:
REQUEST_INSTALL_PACKAGES
permission or have the android:targetSdkVersion
set at 24 or lower.
SHOULD provide a user affordance to grant/revoke the permission to install apps from unknown sources per application, but MAY choose to implement this as a no-op and return RESULT_CANCELED
for startActivityForResult()
, if the device implementation does not want to allow users to have this choice. However, even in such cases, they SHOULD indicate to the user why there is no such choice presented.
[C-0-7] MUST display a warning dialog with the warning string that is provided through the system API PackageManager.setHarmfulAppWarning
to the user before launching an activity in an application that has been marked by the same system API PackageManager.setHarmfulAppWarning
as potentially harmful.
Device implementations:
MediaCodecList
.
MediaCodecList
.
CamcorderProfile
.
Device implementations:
All of the codecs listed in the section below are provided as software implementations in the preferred Android implementation from the Android Open Source Project.
Please note that neither Google nor the Open Handset Alliance make any representation that these codecs are free from third-party patents. Those intending to use this source code in hardware or software products are advised that implementations of this code, including in open source software or shareware, may require patent licenses from the relevant patent holders.
See more details in 5.1.3. Audio Codecs Details.
If device implementations declare android.hardware.microphone
, they MUST support the following audio encoding:
See more details in 5.1.3. Audio Codecs Details.
If device implementations declare support for the android.hardware.audio.output
feature, they must support decoding the following audio formats:
If device implementations support the decoding of AAC input buffers of multichannel streams (i.e. more than two channels) to PCM through the default AAC audio decoder in the android.media.MediaCodec
API, the following MUST be supported:
android.media.MediaFormat
DRC keys to configure the dynamic range-related behaviors of the audio decoder. The AAC DRC keys were introduced in API 21,and are: KEY_AAC_DRC_ATTENUATION_FACTOR
, KEY_AAC_DRC_BOOST_FACTOR
, KEY_AAC_DRC_HEAVY_COMPRESSION
, KEY_AAC_DRC_TARGET_REFERENCE_LEVEL
and KEY_AAC_ENCODED_TARGET_LEVEL
.
When decoding USAC audio, MPEG-D (ISO/IEC 23003-4):
android.media.MediaFormat
keys: KEY_AAC_DRC_TARGET_REFERENCE_LEVEL
and KEY_AAC_DRC_EFFECT_TYPE
.
MPEG-4 AAC, HE AAC, and HE AACv2 profile decoders:
If ISO/IEC 23003-4 is supported and if both ISO/IEC 23003-4 and ISO/IEC 14496-3 metadata are present in a decoded bitstream, then:
Format/Codec | Details | Supported File Types/Container Formats |
---|---|---|
MPEG-4 AAC Profile (AAC LC) |
Support for mono/stereo/5.0/5.1 content with standard sampling rates from 8 to 48 kHz. |
|
MPEG-4 HE AAC Profile (AAC+) | Support for mono/stereo/5.0/5.1 content with standard sampling rates from 16 to 48 kHz. | |
MPEG-4 HE AACv2 Profile (enhanced AAC+) |
Support for mono/stereo/5.0/5.1 content with standard sampling rates from 16 to 48 kHz. | |
AAC ELD (enhanced low delay AAC) | Support for mono/stereo content with standard sampling rates from 16 to 48 kHz. | |
USAC | Support for mono/stereo content with standard sampling rates from 7.35 to 48 kHz. |
|
AMR-NB | 4.75 to 12.2 kbps sampled @ 8 kHz | 3GPP (.3gp) |
AMR-WB | 9 rates from 6.60 kbit/s to 23.85 kbit/s sampled @ 16 kHz | |
FLAC | Mono/Stereo (no multichannel). Sample rates up to 48 kHz (but up to 44.1 kHz is RECOMMENDED on devices with 44.1 kHz output, as the 48 to 44.1 kHz downsampler does not include a low-pass filter). 16-bit RECOMMENDED; no dither applied for 24-bit. | FLAC (.flac) only |
MP3 | Mono/Stereo 8-320Kbps constant (CBR) or variable bitrate (VBR) | MP3 (.mp3) |
MIDI | MIDI Type 0 and 1. DLS Version 1 and 2. XMF and Mobile XMF. Support for ringtone formats RTTTL/RTX, OTA, and iMelody |
|
Vorbis |
|
|
PCM/WAVE | 16-bit linear PCM (rates up to limit of hardware). Devices MUST support sampling rates for raw PCM recording at 8000, 11025, 16000, and 44100 Hz frequencies. | WAVE (.wav) |
Opus | Matroska (.mkv), Ogg(.ogg) |
See more details in 5.1.6. Image Codecs Details.
Device implementations MUST support encoding the following image encoding:
See more details in 5.1.6. Image Codecs Details.
Device implementations MUST support decoding the following image encoding:
Format/Codec | Details | Supported File Types/Container Formats |
---|---|---|
JPEG | Base+progressive | JPEG (.jpg) |
GIF | GIF (.gif) | |
PNG | PNG (.png) | |
BMP | BMP (.bmp) | |
WebP | WebP (.webp) | |
Raw | ARW (.arw), CR2 (.cr2), DNG (.dng), NEF (.nef), NRW (.nrw), ORF (.orf), PEF (.pef), RAF (.raf), RW2 (.rw2), SRW (.srw) | |
HEIF | Image, Image collection, Image sequence | HEIF (.heif), HEIC (.heic) |
If device implementations include a video decoder or encoder:
[C-1-1] Video codecs MUST support output and input bytebuffer sizes that accommodate the largest feasible compressed and uncompressed frame as dictated by the standard and configuration but also not overallocate.
[C-1-2] Video encoders and decoders MUST support YUV420 flexible color format (COLOR_FormatYUV420Flexible).
If device implementations advertise HDR profile support through Display.HdrCapabilities
, they:
If device implementations advertise intra refresh support through FEATURE_IntraRefresh
in the MediaCodecInfo.CodecCapabilities
class, they:
Format/Codec | Details |
Supported File Types/ Container Formats |
---|---|---|
H.263 |
|
|
H.264 AVC | See section 5.2 and 5.3 for details |
|
H.265 HEVC | See section 5.3 for details | MPEG-4 (.mp4) |
MPEG-2 | Main Profile | MPEG2-TS |
MPEG-4 SP | 3GPP (.3gp) | |
VP8 | See section 5.2 and 5.3 for details |
|
VP9 | See section 5.3 for details |
|
If device implementations support any video encoder and make it available to third-party apps, they:
If device implementations include an embedded screen display with the diagonal length of at least 2.5 inches or include a video output port or declare the support of a camera via the android.hardware.camera.any
feature flag, they:
If device implementations support any of the H.264, VP8, VP9 or HEVC video encoders and make it available to third-party applications, they:
If device implementations support the MPEG-4 SP video encoder and make it available to third-party apps, they:
If device implementations support H.263 encoders and make it available to third-party apps, they:
If device implementations support H.264 codec, they:
If device implementations report support of H.264 encoding for 720p or 1080p resolution videos through the media APIs, they:
SD (Low quality) | SD (High quality) | HD 720p | HD 1080p | |
---|---|---|---|---|
Video resolution | 320 x 240 px | 720 x 480 px | 1280 x 720 px | 1920 x 1080 px |
Video frame rate | 20 fps | 30 fps | 30 fps | 30 fps |
Video bitrate | 384 Kbps | 2 Mbps | 4 Mbps | 10 Mbps |
If device implementations support VP8 codec, they:
If device implementations report support of VP8 encoding for 720p or 1080p resolution videos through the media APIs, they:
SD (Low quality) | SD (High quality) | HD 720p | HD 1080p | |
---|---|---|---|---|
Video resolution | 320 x 180 px | 640 x 360 px | 1280 x 720 px | 1920 x 1080 px |
Video frame rate | 30 fps | 30 fps | 30 fps | 30 fps |
Video bitrate | 800 Kbps | 2 Mbps | 4 Mbps | 10 Mbps |
If device implementations support VP9 codec, they:
If device implementations support VP8, VP9, H.264, or H.265 codecs, they:
If device implementations declare support for the Dolby Vision decoder through HDR_TYPE_DOLBY_VISION
, they:
If device implementations support MPEG-2 decoders, they:
If device implementations support H.263 decoders, they:
If device implementations with MPEG-4 decoders, they:
If device implementations support H.264 decoders, they:
If the height that is reported by the Display.getSupportedModes()
method is equal or greater than the video resolution, device implementations:
SD (Low quality) | SD (High quality) | HD 720p | HD 1080p | |
---|---|---|---|---|
Video resolution | 320 x 240 px | 720 x 480 px | 1280 x 720 px | 1920 x 1080 px |
Video frame rate | 30 fps | 30 fps | 60 fps | 30 fps (60 fpsTelevision) |
Video bitrate | 800 Kbps | 2 Mbps | 8 Mbps | 20 Mbps |
If device implementations support H.265 codec, they:
If the height that is reported by the Display.getSupportedModes()
method is equal to or greater than the video resolution, then:
SD (Low quality) | SD (High quality) | HD 720p | HD 1080p | UHD | |
---|---|---|---|---|---|
Video resolution | 352 x 288 px | 720 x 480 px | 1280 x 720 px | 1920 x 1080 px | 3840 x 2160 px |
Video frame rate | 30 fps | 30 fps | 30 fps | 30/60 fps (60 fpsTelevision with H.265 hardware decoding) | 60 fps |
Video bitrate | 600 Kbps | 1.6 Mbps | 4 Mbps | 5 Mbps | 20 Mbps |
If device implementations support VP8 codec, they:
If the height as reported by the Display.getSupportedModes()
method is equal or greater than the video resolution, then:
SD (Low quality) | SD (High quality) | HD 720p | HD 1080p | |
---|---|---|---|---|
Video resolution | 320 x 180 px | 640 x 360 px | 1280 x 720 px | 1920 x 1080 px |
Video frame rate | 30 fps | 30 fps | 30 fps (60 fpsTelevision) | 30 (60 fpsTelevision) |
Video bitrate | 800 Kbps | 2 Mbps | 8 Mbps | 20 Mbps |
If device implementations support VP9 codec, they:
If device implementations support VP9 codec and a hardware decoder:
If the height that is reported by the Display.getSupportedModes()
method is equal to or greater than the video resolution, then:
SD (Low quality) | SD (High quality) | HD 720p | HD 1080p | UHD | |
---|---|---|---|---|---|
Video resolution | 320 x 180 px | 640 x 360 px | 1280 x 720 px | 1920 x 1080 px | 3840 x 2160 px |
Video frame rate | 30 fps | 30 fps | 30 fps | 30 fps (60 fpsTelevision with VP9 hardware decoding) | 60 fps |
Video bitrate | 600 Kbps | 1.6 Mbps | 4 Mbps | 5 Mbps | 20 Mbps |
While some of the requirements outlined in this section are listed as SHOULD since Android 4.3, the Compatibility Definition for future versions are planned to change these to MUST. Existing and new Android devices are STRONGLY RECOMMENDED to meet these requirements that are listed as SHOULD, or they will not be able to attain Android compatibility when upgraded to the future version.
If device implementations declare android.hardware.microphone
, they:
[C-1-1] MUST allow capture of raw audio content with the following characteristics:
[C-1-2] MUST capture at above sample rates without up-sampling.
SHOULD allow AM radio and DVD quality capture of raw audio content, which means the following characteristics:
If device implementations allow AM radio and DVD quality capture of raw audio content, they:
If device implementations declare android.hardware.microphone
, they:
android.media.MediaRecorder.AudioSource.VOICE_RECOGNITION
audio source at one of the sampling rates, 44100 and 48000.
AudioSource.VOICE_RECOGNITION
audio source.
AudioSource.VOICE_RECOGNITION
audio source.
If device implementations declare android.hardware.microphone
and noise suppression (reduction) technologies tuned for speech recognition, they:
android.media.audiofx.NoiseSuppressor
API.
AudioEffect.Descriptor.uuid
field.
The android.media.MediaRecorder.AudioSource
class includes the REMOTE_SUBMIX
audio source.
If device implementations declare both android.hardware.audio.output
and android.hardware.microphone
, they:
[C-1-1] MUST properly implement the REMOTE_SUBMIX
audio source so that when an application uses the android.media.AudioRecord
API to record from this audio source, it captures a mix of all audio streams except for the following:
AudioManager.STREAM_RING
AudioManager.STREAM_ALARM
AudioManager.STREAM_NOTIFICATION
Android includes the support to allow apps to playback audio through the audio output peripheral as defined in section 7.8.2.
If device implementations declare android.hardware.audio.output
, they:
[C-1-1] MUST allow playback of raw audio content with the following characteristics:
SHOULD allow playback of raw audio content with the following characteristics:
Android provides an API for audio effects for device implementations.
If device implementations declare the feature android.hardware.audio.output
, they:
EFFECT_TYPE_EQUALIZER
and EFFECT_TYPE_LOUDNESS_ENHANCER
implementations controllable through the AudioEffect subclasses Equalizer
, LoudnessEnhancer
.
Visualizer
class.
EFFECT_TYPE_DYNAMICS_PROCESSING
implementation controllable through the AudioEffect subclass DynamicsProcessing
.
EFFECT_TYPE_BASS_BOOST
, EFFECT_TYPE_ENV_REVERB
, EFFECT_TYPE_PRESET_REVERB
, and EFFECT_TYPE_VIRTUALIZER
implementations controllable through the AudioEffect
sub-classes BassBoost
, EnvironmentalReverb
, PresetReverb
, and Virtualizer
.
Automotive device implementations:
android.car.CarAudioManager
.
Audio latency is the time delay as an audio signal passes through a system. Many classes of applications rely on short latencies, to achieve real-time sound effects.
For the purposes of this section, use the following definitions:
If device implementations declare android.hardware.audio.output
they are STRONGLY RECOMMENDED to meet or exceed the following requirements:
AAudioStream_getTimestamp
is accurate to +/- 1 ms.
If device implementations meet the above requirements, after any initial calibration, when using both the OpenSL ES PCM buffer queue and AAudio native audio APIs, for continuous output latency and cold output latency over at least one supported audio output device, they are:
android.hardware.audio.low_latency
feature flag.
AAUDIO_PERFORMANCE_MODE_LOW_LATENCY
from AAudioStream_getPerformanceMode()
, the value returned by AAudioStream_getFramesPerBurst()
is less than or equal to the value returned by android.media.AudioManager.getProperty(String)
for property key AudioManager.PROPERTY_OUTPUT_FRAMES_PER_BUFFER
.
If device implementations do not meet the requirements for low-latency audio via both the OpenSL ES PCM buffer queue and AAudio native audio APIs, they:
If device implementations include android.hardware.microphone
, they are STRONGLY RECOMMENDED to meet these input audio requirements:
AAudioStream_getTimestamp
, to +/- 1 ms.
Device implementations MUST support the media network protocols for audio and video playback as specified in the Android SDK documentation.
If device implementations include an audio or a video decoder, they:
[C-1-1] MUST support all required codecs and container formats in section 5.1 over HTTP(S).
[C-1-2] MUST support the media segment formats shown in the Media Segment Formats table below over HTTP Live Streaming draft protocol, Version 7.
[C-1-3] MUST support the following RTP audio video profile and related codecs in the RTSP table below. For exceptions please see the table footnotes in section 5.1.
Media Segment Formats
Segment formats | Reference(s) | Required codec support |
---|---|---|
MPEG-2 Transport Stream | ISO 13818 |
Video codecs:
and MPEG-2. Audio codecs:
|
AAC with ADTS framing and ID3 tags | ISO 13818-7 | See section 5.1.1 for details on AAC and its variants |
WebVTT | WebVTT |
RTSP (RTP, SDP)
Profile name | Reference(s) | Required codec support |
---|---|---|
H264 AVC | RFC 6184 | See section 5.1.3 for details on H264 AVC |
MP4A-LATM | RFC 6416 | See section 5.1.1 for details on AAC and its variants |
H263-1998 |
RFC 3551 RFC 4629 RFC 2190 |
See section 5.1.3 for details on H263 |
H263-2000 | RFC 4629 | See section 5.1.3 for details on H263 |
AMR | RFC 4867 | See section 5.1.1 for details on AMR-NB |
AMR-WB | RFC 4867 | See section 5.1.1 for details on AMR-WB |
MP4V-ES | RFC 6416 | See section 5.1.3 for details on MPEG-4 SP |
mpeg4-generic | RFC 3640 | See section 5.1.1 for details on AAC and its variants |
MP2T | RFC 2250 | See MPEG-2 Transport Stream underneath HTTP Live Streaming for details |
If device implementations support secure video output and are capable of supporting secure surfaces, they:
Display.FLAG_SECURE
.
If device implementations declare support for Display.FLAG_SECURE
and support wireless display protocol, they:
If device implementations declare support for Display.FLAG_SECURE
and support wired external display, they:
If device implementations report support for feature android.software.midi
via the android.content.pm.PackageManager
class, they:
[C-1-1] MUST support MIDI over all MIDI-capable hardware transports for which they provide generic non-MIDI connectivity, where such transports are:
[C-1-2] MUST support the inter-app MIDI software transport (virtual MIDI devices)
If device implementations report support for feature android.hardware.audio.pro
via the android.content.pm.PackageManager class, they:
android.hardware.audio.low_latency
.
android.software.midi
.
CLOCK_MONOTONIC
when both are active.
If device implementations meet all of the above requirements, they:
android.hardware.audio.pro
via the android.content.pm.PackageManager
class.
If device implementations include a 4 conductor 3.5mm audio jack, they:
If device implementations omit a 4 conductor 3.5mm audio jack and include a USB port(s) supporting USB host mode, they:
If device implementations include an HDMI port, they:
Android includes support for recording of unprocessed audio via the android.media.MediaRecorder.AudioSource.UNPROCESSED
audio source. In OpenSL ES, it can be accessed with the record preset SL_ANDROID_RECORDING_PRESET_UNPROCESSED
.
If device implementations intent to support unprocessed audio source and make it available to third-party apps, they:
[C-1-1] MUST report the support through the android.media.AudioManager
property PROPERTY_SUPPORT_AUDIO_SOURCE_UNPROCESSED.
[C-1-2] MUST exhibit approximately flat amplitude-versus-frequency characteristics in the mid-frequency range: specifically ±10dB from 100 Hz to 7000 Hz for each and every microphone used to record the unprocessed audio source.
[C-1-3] MUST exhibit amplitude levels in the low frequency range: specifically from ±20 dB from 5 Hz to 100 Hz compared to the mid-frequency range for each and every microphone used to record the unprocessed audio source.
[C-1-4] MUST exhibit amplitude levels in the high frequency range: specifically from ±30 dB from 7000 Hz to 22 KHz compared to the mid-frequency range for each and every microphone used to record the unprocessed audio source.
[C-1-5] MUST set audio input sensitivity such that a 1000 Hz sinusoidal tone source played at 94 dB Sound Pressure Level (SPL) yields a response with RMS of 520 for 16 bit-samples (or -36 dB Full Scale for floating point/double precision samples) for each and every microphone used to record the unprocessed audio source.
[C-1-6] MUST have a signal-to-noise ratio (SNR) at 60 dB or higher for each and every microphone used to record the unprocessed audio source. (whereas the SNR is measured as the difference between 94 dB SPL and equivalent SPL of self noise, A-weighted).
[C-1-7] MUST have a total harmonic distortion (THD) less than be less than 1% for 1 kHZ at 90 dB SPL input level at each and every microphone used to record the unprocessed audio source.
MUST not have any other signal processing (e.g. Automatic Gain Control, High Pass Filter, or Echo cancellation) in the path other than a level multiplier to bring the level to desired range. In other words:
All SPL measurements are made directly next to the microphone under test. For multiple microphone configurations, these requirements apply to each microphone.
If device implementations declare android.hardware.microphone
but do not support unprocessed audio source, they:
null
for the AudioManager.getProperty(PROPERTY_SUPPORT_AUDIO_SOURCE_UNPROCESSED)
API method, to properly indicate the lack of support.
Device implementations:
dumpsys
and cmd stats
.
cmd stats
shell command and the StatsManager
System API class.
[C-0-6] MUST provide a mechanism allowing adb to be connected from a host machine. For example:
Dalvik Debug Monitor Service (ddms)
If device implementations report the support of Vulkan 1.0 or higher via the android.hardware.vulkan.version
feature flags, they:
Android includes support for developers to configure application development-related settings.
Device implementations MUST provide a consistent experience for Developer Options, they:
If a device includes a particular hardware component that has a corresponding API for third-party developers:
If an API in the SDK interacts with a hardware component that is stated to be optional and the device implementation does not possess that component:
getSystemAvailableFeatures()
and hasSystemFeature(String)
methods on the android.content.pm.PackageManager class for the same build fingerprint.
A typical example of a scenario where these requirements apply is the telephony API: Even on non-phone devices, these APIs must be implemented as reasonable no-ops.
Android includes facilities that automatically adjust application assets and UI layouts appropriately for the device to ensure that third-party applications run well on a variety of hardware configurations. Devices MUST properly implement these APIs and behaviors, as detailed in this section.
The units referenced by the requirements in this section are defined as follows:
The Android UI framework supports a variety of different logical screen layout sizes, and allows applications to query the current configuration's screen layout size via Configuration.screenLayout
with the SCREENLAYOUT_SIZE_MASK
and Configuration.smallestScreenWidthDp
.
Device implementations:
[C-0-1] MUST report the correct layout size for the Configuration.screenLayout
as defined in the Android SDK documentation. Specifically, device implementations MUST report the correct logical density-independent pixel (dp) screen dimensions as below:
Configuration.uiMode
set as any value other than UI_MODE_TYPE_WATCH, and reporting a small
size for the Configuration.screenLayout
, MUST have at least 426 dp x 320 dp.
normal
size for the Configuration.screenLayout
, MUST have at least 480 dp x 320 dp.
large
size for the Configuration.screenLayout
, MUST have at least 640 dp x 480 dp.
xlarge
size for the Configuration.screenLayout
, MUST have at least 960 dp x 720 dp.
[C-0-2] MUST correctly honor applications' stated support for screen sizes through the <supports-screens
> attribute in the AndroidManifest.xml, as described in the Android SDK documentation.
MAY have a display with rounded corners.
If device implementations support UI_MODE_TYPE_NORMAL
and include a display with rounded corners, they:
While there is no restriction to the screen aspect ratio value of the physical screen display, the screen aspect ratio of the logical display that third-party apps are rendered within, as can be derived from the height and width values reported through the view.Display
APIs and Configuration API, MUST meet the following requirements:
[C-0-1] Device implementations with the Configuration.uiMode
set as UI_MODE_TYPE_NORMAL
MUST have an aspect ratio value between 1.3333 (4:3) and 1.86 (roughly 16:9), unless the app can be deemed as ready to be stretched longer by meeting one of the following conditions:
android.max_aspect
metadata value.
android:MaxAspectRatio
that would restrict the allowed aspect ratio.
[C-0-2] Device implementations with the Configuration.uiMode
set as UI_MODE_TYPE_WATCH
MUST have an aspect ratio value set as 1.0 (1:1).
The Android UI framework defines a set of standard logical densities to help application developers target application resources.
[C-0-1] By default, device implementations MUST report only one of the following logical Android framework densities through the DENSITY_DEVICE_STABLE API and this value MUST NOT change at any time; however, the device MAY report a different arbitrary density according to the display configuration changes made by the user (for example, display size) set after initial boot.
Device implementations SHOULD define the standard Android framework density that is numerically closest to the physical density of the screen, unless that logical density pushes the reported screen size below the minimum supported. If the standard Android framework density that is numerically closest to the physical density results in a screen size that is smaller than the smallest supported compatible screen size (320 dp width), device implementations SHOULD report the next lowest standard Android framework density.
If there is an affordance to change the display size of the device:
If device implementations include a screen or video output, they:
android.util.DisplayMetrics
API.
If device implementations does not include an embedded screen or video output, they:
android.util.DisplayMetrics
API for the emulated default view.Display
.
Device implementations:
android.hardware.screen.portrait
and/or android.hardware.screen.landscape
) and MUST report at least one supported orientation. For example, a device with a fixed orientation landscape screen, such as a television or laptop, SHOULD only report android.hardware.screen.landscape
.
android.content.res.Configuration.orientation
, android.view.Display.getOrientation()
, or other APIs.
If device implementations support both screen orientations, they:
Device implementations:
GLES10.getString()
method) and the native APIs.
If device implementations include a screen or video output, they:
If device implementations support any of the OpenGL ES versions, they:
EGL_KHR_image
, EGL_KHR_image_base
, EGL_ANDROID_image_native_buffer
, EGL_ANDROID_get_native_client_buffer
, EGL_KHR_wait_sync
, EGL_KHR_get_all_proc_addresses
, EGL_ANDROID_presentation_time
, EGL_KHR_swap_buffers_with_damage
and EGL_ANDROID_recordable
extensions.
getString()
method, any texture compression format that they support, which is typically vendor-specific.
If device implementations declare support for OpenGL ES 3.0, 3.1, or 3.2, they:
If device implementations support OpenGL ES 3.2, they:
If device implementations support the OpenGL ES Android Extension Pack in its entirety, they:
android.hardware.opengles.aep
feature flag.
If device implementations expose support for the EGL_KHR_mutable_render_buffer
extension, they:
EGL_ANDROID_front_buffer_auto_refresh
extension.
Android includes support for Vulkan , a low-overhead, cross-platform API for high-performance 3D graphics.
If device implementations support OpenGL ES 3.1, they:
If device implementations include a screen or video output, they:
If device implementations include support for Vulkan 1.0, they:
android.hardware.vulkan.level
and android.hardware.vulkan.version
feature flags.
VkPhysicalDevice
for the Vulkan native API vkEnumeratePhysicalDevices()
.
VkPhysicalDevice
.
libVkLayer*.so
in the application package’s native library directory, through the Vulkan native APIs vkEnumerateInstanceLayerProperties()
and vkEnumerateDeviceLayerProperties()
.
android:debuggable
attribute set as true
.
If device implementations do not include support for Vulkan 1.0, they:
android.hardware.vulkan.level
, android.hardware.vulkan.version
).
VkPhysicalDevice
for the Vulkan native API vkEnumeratePhysicalDevices()
.
If device implementations include support for Vulkan 1.1, they:
SYNC_FD
external semaphore and handle types.
VK_ANDROID_external_memory_android_hardware_buffer
extension.
Android includes a mechanism for applications to declare that they want to enable hardware acceleration for 2D graphics at the Application, Activity, Window, or View level through the use of a manifest tag android:hardwareAccelerated or direct API calls.
Device implementations:
Android includes a TextureView object that lets developers directly integrate hardware-accelerated OpenGL ES textures as rendering targets in a UI hierarchy.
Device implementations:
If device implementations claim support for wide-gamut displays through Configuration.isScreenWideColorGamut()
, they:
EGL_KHR_no_config_context
, EGL_EXT_pixel_format_float
, EGL_KHR_gl_colorspace
, EGL_EXT_gl_colorspace_scrgb
, EGL_EXT_gl_colorspace_scrgb_linear
, EGL_EXT_gl_colorspace_display_p3
, and EGL_KHR_gl_colorspace_display_p3
extensions.
GL_EXT_sRGB
.
Conversely, if device implementations do not support wide-gamut displays, they:
Android specifies a “compatibility mode” in which the framework operates in a 'normal' screen size equivalent (320dp width) mode for the benefit of legacy applications not developed for old versions of Android that pre-date screen-size independence.
The Android platform includes APIs that allow applications to render rich graphics to the display. Devices MUST support all of these APIs as defined by the Android SDK unless specifically allowed in this document.
Device implementations:
Android includes support for secondary display to enable media sharing capabilities and developer APIs for accessing external displays.
If device implementations support an external display either via a wired, wireless, or an embedded additional display connection, they:
DisplayManager
system service and API as described in the Android SDK documentation.
Device implementations:
If device implementations include support for third-party Input Method Editor (IME) applications, they:
android.software.input_methods
feature flag.
Input Management Framework
Device implementations: [C-0-1] MUST NOT include a hardware keyboard that does not match one of the formats specified in android.content.res.Configuration.keyboard (QWERTY or 12-key). SHOULD include additional soft keyboard implementations. * MAY include a hardware keyboard.
Android includes support for d-pad, trackball, and wheel as mechanisms for non-touch navigation.
Device implementations:
If device implementations lack non-touch navigations, they:
The Home, Recents, and Back functions typically provided via an interaction with a dedicated physical button or a distinct portion of the touch screen, are essential to the Android navigation paradigm and therefore, device implementations:
<intent-filter>
set with ACTION=MAIN
and CATEGORY=LAUNCHER
or CATEGORY=LEANBACK_LAUNCHER
for Television device implementations. The Home function SHOULD be the mechanism for this user affordance.
If the Home, Recents, or Back functions are provided, they:
Device implementations:
If device implementations provide the Menu function, they:
If device implementations do not provide the Menu function, for backwards compatibility, they: * [C-3-1] MUST make the Menu function available to applications when targetSdkVersion
is less than 10, either by a physical button, a software key, or gestures. This Menu function should be accessible unless hidden together with other navigation functions.
If device implementations provide the Assist function, they: [C-4-1] MUST make the Assist function accessible with a single action (e.g. tap, double-click or gesture) when other navigation keys are accessible. [SR] STRONGLY RECOMMENDED to use long press on HOME function as this designated interaction.
If device implementations use a distinct portion of the screen to display the navigation keys, they:
View.setSystemUiVisibility()
API method, so that this distinct portion of the screen (a.k.a. the navigation bar) is properly hidden away as documented in the SDK.
Android includes support for a variety of pointer input systems, such as touchscreens, touch pads, and fake touch input devices. Touchscreen-based device implementations are associated with a display such that the user has the impression of directly manipulating items on screen. Since the user is directly touching the screen, the system does not require any additional affordances to indicate the objects being manipulated.
Device implementations:
If device implementations include a touchscreen (single-touch or better), they:
TOUCHSCREEN_FINGER
for the Configuration.touchscreen
API field.
android.hardware.touchscreen
and android.hardware.faketouch
feature flags.
If device implementations include a touchscreen that can track more than a single touch, they:
android.hardware.touchscreen.multitouch
, android.hardware.touchscreen.multitouch.distinct
, android.hardware.touchscreen.multitouch.jazzhand
corresponding to the type of the specific touchscreen on the device.
If device implementations do not include a touchscreen (and rely on a pointer device only) and meet the fake touch requirements in section 7.2.5, they:
android.hardware.touchscreen
and MUST report only android.hardware.faketouch
.
Fake touch interface provides a user input system that approximates a subset of touchscreen capabilities. For example, a mouse or remote control that drives an on-screen cursor approximates touch, but requires the user to first point or focus then click. Numerous input devices like the mouse, trackpad, gyro-based air mouse, gyro-pointer, joystick, and multi-touch trackpad can support fake touch interactions. Android includes the feature constant android.hardware.faketouch, which corresponds to a high-fidelity non-touch (pointer-based) input device such as a mouse or trackpad that can adequately emulate touch-based input (including basic gesture support), and indicates that the device supports an emulated subset of touchscreen functionality.
If device implementations do not include a touchscreen but include another pointer input system which they want to make available, they:
android.hardware.faketouch
feature flag.
If device implementations declare support for android.hardware.faketouch
, they:
TOUCHSCREEN_NOTOUCH
for the Configuration.touchscreen
API field.
If device implementations declare support for android.hardware.faketouch.multitouch.distinct
, they:
android.hardware.faketouch
.
If device implementations declare support for android.hardware.faketouch.multitouch.jazzhand
, they:
android.hardware.faketouch
.
If device implementations declare the android.hardware.gamepad
feature flag, they:
view.InputEvent
constants as listed in the below tables. The upstream Android implementation includes implementation for game controllers that satisfies this requirement.
Button | HID Usage2 | Android Button |
---|---|---|
A1 | 0x09 0x0001 | KEYCODE_BUTTON_A (96) |
B1 | 0x09 0x0002 | KEYCODE_BUTTON_B (97) |
X1 | 0x09 0x0004 | KEYCODE_BUTTON_X (99) |
Y1 | 0x09 0x0005 | KEYCODE_BUTTON_Y (100) |
D-pad up1 D-pad down1 |
0x01 0x00393 | AXIS_HAT_Y4 |
D-pad left1 D-pad right1 |
0x01 0x00393 | AXIS_HAT_X4 |
Left shoulder button1 | 0x09 0x0007 | KEYCODE_BUTTON_L1 (102) |
Right shoulder button1 | 0x09 0x0008 | KEYCODE_BUTTON_R1 (103) |
Left stick click1 | 0x09 0x000E | KEYCODE_BUTTON_THUMBL (106) |
Right stick click1 | 0x09 0x000F | KEYCODE_BUTTON_THUMBR (107) |
Home1 | 0x0c 0x0223 | KEYCODE_HOME (3) |
Back1 | 0x0c 0x0224 | KEYCODE_BACK (4) |
1 KeyEvent
2 The above HID usages must be declared within a Game pad CA (0x01 0x0005).
3 This usage must have a Logical Minimum of 0, a Logical Maximum of 7, a Physical Minimum of 0, a Physical Maximum of 315, Units in Degrees, and a Report Size of 4. The logical value is defined to be the clockwise rotation away from the vertical axis; for example, a logical value of 0 represents no rotation and the up button being pressed, while a logical value of 1 represents a rotation of 45 degrees and both the up and left keys being pressed.
Analog Controls1 | HID Usage | Android Button |
---|---|---|
Left Trigger | 0x02 0x00C5 | AXIS_LTRIGGER |
Right Trigger | 0x02 0x00C4 | AXIS_RTRIGGER |
Left Joystick |
0x01 0x0030 0x01 0x0031 |
AXIS_X AXIS_Y |
Right Joystick |
0x01 0x0032 0x01 0x0035 |
AXIS_Z AXIS_RZ |
See Section 2.3.1 for device-specific requirements.
If device implementations include a particular sensor type that has a corresponding API for third-party developers, the device implementation MUST implement that API as described in the Android SDK documentation and the Android Open Source documentation on sensors.
Device implementations:
android.content.pm.PackageManager
class.
SensorManager.getSensorList()
and similar methods.
true
or false
as appropriate when applications attempt to register listeners, not calling sensor listeners when the corresponding sensors are not present; etc.).
If device implementations include a particular sensor type that has a corresponding API for third-party developers, they:
[SR] SHOULD report the event time in nanoseconds as defined in the Android SDK documentation, representing the time the event happened and synchronized with the SystemClock.elapsedRealtimeNano() clock. Existing and new Android devices are STRONGLY RECOMMENDED to meet these requirements so they will be able to upgrade to the future platform releases where this might become a REQUIRED component. The synchronization error SHOULD be below 100 milliseconds.
[C-1-4] For any API indicated by the Android SDK documentation to be a continuous sensor, device implementations MUST continuously provide periodic data samples that SHOULD have a jitter below 3%, where jitter is defined as the standard deviation of the difference of the reported timestamp values between consecutive events.
[C-1-5] MUST ensure that the sensor event stream MUST NOT prevent the device CPU from entering a suspend state or waking up from a suspend state.
The list above is not comprehensive; the documented behavior of the Android SDK and the Android Open Source Documentations on sensors is to be considered authoritative.
Some sensor types are composite, meaning they can be derived from data provided by one or more other sensors. (Examples include the orientation sensor and the linear acceleration sensor.)
Device implementations:
If device implementations include a composite sensor, they:
If device implementations include a 3-axis accelerometer, they:
TYPE_ACCELEROMETER
sensor.
TYPE_SIGNIFICANT_MOTION
composite sensor.
TYPE_ACCELEROMETER_UNCALIBRATED
sensor if online accelerometer calibration is available.
TYPE_SIGNIFICANT_MOTION
, TYPE_TILT_DETECTOR
, TYPE_STEP_DETECTOR
, TYPE_STEP_COUNTER
composite sensors as described in the Android SDK document.
TYPE_ACCELEROMETER_UNCALIBRATED
sensor.
If device implementations include a 3-axis accelerometer and any of the TYPE_SIGNIFICANT_MOTION
, TYPE_TILT_DETECTOR
, TYPE_STEP_DETECTOR
, TYPE_STEP_COUNTER
composite sensors are implemented:
If device implementations include a 3-axis accelerometer and a gyroscope sensor, they:
TYPE_GRAVITY
and TYPE_LINEAR_ACCELERATION
composite sensors.
TYPE_GAME_ROTATION_VECTOR
composite sensor.
TYPE_GAME_ROTATION_VECTOR
sensor.
If device implementations include a 3-axis accelerometer, a gyroscope sensor and a magnetometer sensor, they:
TYPE_ROTATION_VECTOR
composite sensor.
If device implementations include a 3-axis magnetometer, they:
TYPE_MAGNETIC_FIELD
sensor.
TYPE_MAGNETIC_FIELD_UNCALIBRATED
sensor.
TYPE_MAGNETIC_FIELD_UNCALIBRATED
sensor.
If device implementations include a 3-axis magnetometer, an accelerometer sensor and a gyroscope sensor, they:
TYPE_ROTATION_VECTOR
composite sensor.
If device implementations include a 3-axis magnetometer, an accelerometer, they:
TYPE_GEOMAGNETIC_ROTATION_VECTOR
sensor.
If device implementations include a 3-axis magnetometer, an accelerometer and TYPE_GEOMAGNETIC_ROTATION_VECTOR
sensor, they:
Device implementations:
If device implementations include a GPS/GNSS receiver and report the capability to applications through the android.hardware.location.gps
feature flag, they:
LocationManager#requestLocationUpdate
.
In open sky conditions after determining the location, while stationary or moving with less than 1 meter per second squared of acceleration:
GnssStatus.Callback
at least 8 satellites from one constellation.
LocationManager.getGnssYearOfHardware()
.
If device implementations include a GPS/GNSS receiver and report the capability to applications through the android.hardware.location.gps
feature flag and the LocationManager.getGnssYearOfHardware()
Test API reports the year "2016" or newer, they:
If device implementations include a GPS/GNSS receiver and report the capability to applications through the android.hardware.location.gps
feature flag and the LocationManager.getGnssYearOfHardware()
Test API reports the year "2017" or newer, they:
If device implementations include a GPS/GNSS receiver and report the capability to applications through the android.hardware.location.gps
feature flag and the LocationManager.getGnssYearOfHardware()
Test API reports the year "2018" or newer, they:
Device implementations:
If device implementations include a gyroscope, they:
TYPE_GYROSCOPE
sensor and SHOULD also implement TYPE_GYROSCOPE_UNCALIBRATED
sensor.
SENSOR_TYPE_GYROSCOPE_UNCALIBRATED
sensor.
If device implementations include a gyroscope, an accelerometer sensor and a magnetometer sensor, they:
TYPE_ROTATION_VECTOR
composite sensor.
If device implementations include a gyroscope and an accelerometer sensor, they:
TYPE_GRAVITY
and TYPE_LINEAR_ACCELERATION
composite sensors.
TYPE_GAME_ROTATION_VECTOR
sensor.
TYPE_GAME_ROTATION_VECTOR
composite sensor.
If device implementations include a barometer, they:
TYPE_PRESSURE
sensor.
Device implementations: MAY include an ambient thermometer (temperature sensor). MAY but SHOULD NOT include a CPU temperature sensor.
If device implementations include an ambient thermometer (temperature sensor), they:
SENSOR_TYPE_AMBIENT_TEMPERATURE
and MUST measure the ambient (room/vehicle cabin) temperature from where the user is interacting with the device in degrees Celsius.
SENSOR_TYPE_TEMPERATURE
.
Note the SENSOR_TYPE_TEMPERATURE
sensor type was deprecated in Android 4.0.
If device implementations include a proximity sensor, they:
If device implementations include a set of higher quality sensors as defined in this section, and make available them to third-party apps, they:
android.hardware.sensor.hifi_sensors
feature flag.
If device implementations declare android.hardware.sensor.hifi_sensors
, they:
[C-2-1] MUST have a TYPE_ACCELEROMETER
sensor which:
RATE_VERY_FAST
.
[C-2-2] MUST have a TYPE_ACCELEROMETER_UNCALIBRATED
with the same quality requirements as TYPE_ACCELEROMETER
.
[C-2-3] MUST have a TYPE_GYROSCOPE
sensor which:
RATE_VERY_FAST
.
[C-2-4] MUST have a TYPE_GYROSCOPE_UNCALIBRATED
with the same quality requirements as TYPE_GYROSCOPE
.
[C-2-5] MUST have a TYPE_GEOMAGNETIC_FIELD
sensor which:
[C-2-6] MUST have a TYPE_MAGNETIC_FIELD_UNCALIBRATED
with the same quality requirements as TYPE_GEOMAGNETIC_FIELD
and in addition:
[C-2-7] MUST have a TYPE_PRESSURE
sensor which:
TYPE_GAME_ROTATION_VECTOR
sensor which:
TYPE_SIGNIFICANT_MOTION
sensor which:
TYPE_STEP_DETECTOR
sensor which:
TYPE_STEP_COUNTER
sensor which:
TILT_DETECTOR
sensor which:
SENSOR_TYPE_SIGNIFICANT_MOTION
SENSOR_TYPE_STEP_DETECTOR
SENSOR_TYPE_STEP_COUNTER
SENSOR_TILT_DETECTORS
TYPE_PROXIMITY
sensor, but if present MUST have a minimum buffer capability of 100 sensor events.
Note that all power consumption requirements in this section do not include the power consumption of the Application Processor. It is inclusive of the power drawn by the entire sensor chain—the sensor, any supporting circuitry, any dedicated sensor processing system, etc.
If device implementations include direct sensor support, they:
isDirectChannelTypeSupported
and getHighestDirectReportRateLevel
API.
TYPE_ACCELEROMETER
TYPE_ACCELEROMETER_UNCALIBRATED
TYPE_GYROSCOPE
TYPE_GYROSCOPE_UNCALIBRATED
TYPE_MAGNETIC_FIELD
TYPE_MAGNETIC_FIELD_UNCALIBRATED
If device implementations include a secure lock screen, they:
If device implementations include a fingerprint sensor and make the sensor available to third-party apps, they:
android.hardware.fingerprint
feature.
If device implementations include one or more non-fingerprint-based-biometric sensors and make them available to third-party apps they:
DevicePolicyManager.KEYGUARD_DISABLE_FINGERPRINT
, DevicePolicymanager.KEYGUARD_DISABLE_FACE
, or DevicePolicymanager.KEYGUARD_DISABLE_IRIS
).
Automotive-specific sensors are defined in the android.car.CarSensorManager API
.
See Section 2.5.1 for device-specific requirements.
See Section 2.5.1 for device-specific requirements.
This requirement is deprecated.
See Section 2.5.1 for device-specific requirements.
See Section 2.5.1 for device-specific requirements.
Device implementations:
If device implementations support pose sensor with 6 degrees of freedom, they:
TYPE_POSE_6DOF
sensor.
“Telephony” as used by the Android APIs and this document refers specifically to hardware related to placing voice calls and sending SMS messages via a GSM or CDMA network. While these voice calls may or may not be packet-switched, they are for the purposes of Android considered independent of any data connectivity that may be implemented using the same network. In other words, the Android “telephony” functionality and APIs refer specifically to voice calls and SMS. For instance, device implementations that cannot place calls or send/receive SMS messages are not considered a telephony device, regardless of whether they use a cellular network for data connectivity.
If device implementations include GSM or CDMA telephony, they:
android.hardware.telephony
feature flag and other sub-feature flags according to the technology.
If device implementations do not include telephony hardware, they:
If device implementations report the android.hardware.telephony feature
, they:
BlockedNumberContract
and the corresponding API as described in the SDK documentation.
TelecomManager.createManageBlockedNumbersIntent()
method.
If device implementations report android.hardware.telephony
, they:
ConnectionService
APIs described in the SDK.
CAPABILITY_SUPPORT_HOLD
.
[C-SR] Are STRONGLY RECOMMENDED to notify the user that answering an incoming call will drop an ongoing call.
The AOSP implementation meets these requirements by a heads-up notification which indicates to the user that answering an incoming call will cause the other call to be dropped.
[C-SR] Are STRONGLY RECOMMENDED to preload the default dialer app that shows a call log entry and the name of a third-party app in its call log when the third-party app sets the EXTRA_LOG_SELF_MANAGED_CALLS
extras key on its PhoneAccount
to true
.
KEYCODE_MEDIA_PLAY_PAUSE
and KEYCODE_HEADSETHOOK
events for the android.telecom
APIs as below:
Connection.onDisconnect()
when a short press of the key event is detected during an ongoing call.
Connection.onAnswer()
when a short press of the key event is detected during an incoming call.
Connection.onReject()
when a long press of the key event is detected during an incoming call.
CallAudioState
.
Device implementations:
If device implementations include support for 802.11 and expose the functionality to a third-party application, they:
android.hardware.wifi
.
WifiManager.enableNetwork()
API method call as a sufficient indication to switch the currently active Network
that is used by default for application traffic and is returned by ConnectivityManager
API methods such as getActiveNetwork
and registerDefaultNetworkCallback
. In other words, they MAY only disable the Internet access provided by any other network provider (e.g. mobile data) if they successfully validate that the Wi-Fi network is providing Internet access.
ConnectivityManager.reportNetworkConnectivity()
API method is called, re-evaluate the Internet access on the Network
and, once the evaluation determines that the current Network
no longer provides Internet access, switch to any other available network (e.g. mobile data) that provides Internet access.
If device implementations support Wi-Fi and use Wi-Fi for location scanning, they:
WifiManager.isScanAlwaysAvailable
API method.
Device implementations:
If device implementations include support for Wi-Fi Direct, they:
android.hardware.wifi.direct
.
Device implementations:
If device implementations include support for TDLS and TDLS is enabled by the WiFiManager API, they:
WifiManager.isTdlsSupported
] (https://developer.android.com/reference/android/net/wifi/WifiManager.html#isTdlsSupported%28%29).
Device implementations:
If device implementations include support for Wi-Fi Aware and expose the functionality to third-party apps, then they:
WifiAwareManager
APIs as described in the SDK documentation.
android.hardware.wifi.aware
feature flag.
If device implementations include support for Wi-Fi Aware and Wi-Fi Location as described in Section 7.4.2.5 and exposes these functionalities to third-party apps, then they:
Device implementations:
If device implementations include support for Wi-Fi Passpoint, they:
WifiManager
APIs as described in the SDK documentation.
Conversely if device implementations do not include support for Wi-Fi Passpoint:
WifiManager
APIs MUST throw an UnsupportedOperationException
.
Device implementations:
If device implementations include support for Wi-Fi Location and expose the functionality to third-party apps, then they:
WifiRttManager
APIs as described in the SDK documentation.
android.hardware.wifi.rtt
feature flag.
If device implementations support Bluetooth Audio profile, they:
If device implementations support HFP, A2DP and AVRCP, they:
If device implementations declare android.hardware.vr.high_performance
feature, they:
Android includes support for Bluetooth and Bluetooth Low Energy.
If device implementations include support for Bluetooth and Bluetooth Low Energy, they:
android.hardware.bluetooth
and android.hardware.bluetooth_le
respectively) and implement the platform APIs.
If device implementations include support for Bluetooth Low Energy, they:
android.hardware.bluetooth_le
.
BluetoothAdapter.isOffloadedFilteringSupported()
to indicate whether the filtering logic for the ScanFilter API classes is implemented.
BluetoothAdapter.isMultipleAdvertisementSupported()
to indicate whether Low Energy Advertising is supported.
SHOULD support multi advertisement with at least 4 slots.
[SR] STRONGLY RECOMMENDED to implement a Resolvable Private Address (RPA) timeout no longer than 15 minutes and rotate the address at timeout to protect user privacy.
If device implementations support Bluetooth LE and use Bluetooth LE for location scanning, they:
BluetoothAdapter.isBleScanAlwaysAvailable()
.
Device implementations:
android.nfc.NdefMessage
and android.nfc.NdefRecord
APIs even if they do not include support for NFC or declare the android.hardware.nfc
feature as the classes represent a protocol-independent data representation format.
If device implementations include NFC hardware and plan to make it available to third-party apps, they:
android.hardware.nfc
feature from the android.content.pm.PackageManager.hasSystemFeature()
method.
[SR] STRONGLY RECOMMENDED to be capable of reading and writing NDEF messages as well as raw data via the following NFC standards. Note that while the NFC standards are stated as STRONGLY RECOMMENDED, the Compatibility Definition for a future version is planned to change these to MUST. These standards are optional in this version but will be required in future versions. Existing and new devices that run this version of Android are very strongly encouraged to meet these requirements now so they will be able to upgrade to the future platform releases.
[C-1-3] MUST be capable of transmitting and receiving data via the following peer-to-peer standards and protocols:
android.nfc.ACTION_NDEF_DISCOVERED
intent. Disabling Android Beam in settings MUST NOT disable dispatch of incoming NDEF message.
android.settings.NFCSHARING_SETTINGS
intent to show NFC sharing settings.
android.nfc.NfcAdapter.setNdefPushMessage
, and android.nfc.NfcAdapter.setNdefPushMessageCallback
, and android.nfc.NfcAdapter.enableForegroundNdefPush
.
android.nfc.NfcAdapter.setBeamPushUris
, by implementing the “Connection Handover version 1.2” and “Bluetooth Secure Simple Pairing Using NFC version 1.0” specs from the NFC Forum. Such an implementation MUST implement the handover LLCP service with service name “urn:nfc:sn:handover” for exchanging the handover request/select records over NFC, and it MUST use the Bluetooth Object Push Profile for the actual Bluetooth data transfer. For legacy reasons (to remain compatible with Android 4.1 devices), the implementation SHOULD still accept SNEP GET requests for exchanging the handover request/select records over NFC. However an implementation itself SHOULD NOT send SNEP GET requests for performing connection handover.
Note that publicly available links are not available for the JIS, ISO, and NFC Forum specifications cited above.
Android includes support for NFC Host Card Emulation (HCE) mode.
If device implementations include an NFC controller chipset capable of HCE (for NfcA and/or NfcB) and support Application ID (AID) routing, they:
android.hardware.nfc.hce
feature constant.
If device implementations include an NFC controller chipset capable of HCE for NfcF, and implement the feature for third-party applications, they:
android.hardware.nfc.hcef
feature constant.
If device implementations include general NFC support as described in this section and support MIFARE technologies (MIFARE Classic, MIFARE Ultralight, NDEF on MIFARE Classic) in the reader/writer role, they:
com.nxp.mifare
from the android.content.pm.PackageManager.hasSystemFeature
() method. Note that this is not a standard Android feature and as such does not appear as a constant in the android.content.pm.PackageManager
class.
Device implementations:
java.net.Socket
and java.net.URLConnection
, as well as the native APIs, such as AF_INET6
sockets.
Socket#getLocalAddress
or Socket#getLocalPort
) and NDK APIs such as getsockname()
or IPV6_PKTINFO
MUST return the IP address and port that is actually used to send and receive packets on the network.
The required level of IPv6 support depends on the network type, as shown in the following requirements.
If device implementations support Wi-Fi, they:
If device implementations support Ethernet, they:
If device implementations support Cellular data, they:
If device implementations support more than one network type (e.g., Wi-Fi and cellular data), they:
Device implementations:
getMasterSyncAutomatically()
returns “true”.
If device implementations include a metered connection, they are:
If device implementations provide the data saver mode, they:
ConnectivityManager
class as described in the SDK documentation
Settings.ACTION_IGNORE_BACKGROUND_DATA_RESTRICTIONS_SETTINGS
intent, allowing users to add applications to or remove applications from the whitelist.
If device implementations do not provide the data saver mode, they:
RESTRICT_BACKGROUND_STATUS_DISABLED
for ConnectivityManager.getRestrictBackgroundStatus()
ConnectivityManager.ACTION_RESTRICT_BACKGROUND_CHANGED
.
Settings.ACTION_IGNORE_BACKGROUND_DATA_RESTRICTIONS_SETTINGS
intent but MAY implement it as a no-op.
If device implementations support Open Mobile API capable secure elements and make them available to 3rd-party apps, they:
android.se.omapi.SEService.getReaders()
method is called.
If device implementations include at least one camera, they:
android.hardware.camera.any
feature flag.
A rear-facing camera is a camera located on the side of the device opposite the display; that is, it images scenes on the far side of the device, like a traditional camera.
Device implementations:
If device implementations include at least one rear-facing camera, they:
android.hardware.camera
and android.hardware.camera.any
.
If the camera includes a flash:
android.hardware.Camera.PreviewCallback
instance has been registered on a Camera preview surface, unless the application has explicitly enabled the flash by enabling the FLASH_MODE_AUTO
or FLASH_MODE_ON
attributes of a Camera.Parameters
object. Note that this constraint does not apply to the device’s built-in system camera application, but only to third-party applications using Camera.PreviewCallback
.
A front-facing camera is a camera located on the same side of the device as the display; that is, a camera typically used to image the user, such as for video conferencing and similar applications.
Device implementations:
If device implementations include at least one front-facing camera, they:
android.hardware.camera.any
and android.hardware.camera.front
.
android.hardware.Camera.setDisplayOrientation()
method. Conversely, the preview MUST be mirrored along the device’s default horizontal axis when the current application does not explicitly request that the Camera display be rotated via a call to the android.hardware.Camera.setDisplayOrientation()
method.
If device implementations are capable of being rotated by user (such as automatically via an accelerometer or manually via user input):
Device implementations:
If device implementations include support for an external camera, they:
android.hardware.camera.external
and android.hardware camera.any
.
If camera-based video encoding is supported:
Android includes two API packages to access the camera, the newer android.hardware.camera2 API expose lower-level camera control to the app, including efficient zero-copy burst/streaming flows and per-frame controls of exposure, gain, white balance gains, color conversion, denoising, sharpening, and more.
The older API package,android.hardware.Camera
, is marked as deprecated in Android 5.0 but as it should still be available for apps to use. Android device implementations MUST ensure the continued support of the API as described in this section and in the Android SDK.
All features that are common between the deprecated android.hardware.Camera class and the newer android.hardware.camera2 package MUST have equivalent performance and quality in both APIs. For example, with equivalent settings, autofocus speed and accuracy must be identical, and the quality of captured images must be the same. Features that depend on the different semantics of the two APIs are not required to have matching speed or quality, but SHOULD match as closely as possible.
Device implementations MUST implement the following behaviors for the camera-related APIs, for all available cameras. Device implementations:
android.hardware.PixelFormat.YCbCr_420_SP
for preview data provided to application callbacks when an application has never called android.hardware.Camera.Parameters.setPreviewFormat(int)
.
android.hardware.Camera.PreviewCallback
instance and the system calls the onPreviewFrame()
method and the preview format is YCbCr_420_SP, the data in the byte[] passed into onPreviewFrame()
. That is, NV21 MUST be the default.
android.graphics.ImageFormat.YV12
constant) for camera previews for both front- and rear-facing cameras for android.hardware.Camera
. (The hardware video encoder and camera may use any native pixel format, but the device implementation MUST support conversion to YV12.)
android.hardware.ImageFormat.YUV_420_888
and android.hardware.ImageFormat.JPEG
formats as outputs through the android.media.ImageReader
API for android.hardware.camera2
devices that advertise REQUEST_AVAILABLE_CAPABILITIES_BACKWARD_COMPATIBLE
capability in android.request.availableCapabilities
.
android.hardware.Camera.AutoFocusCallback
instances (even though this has no relevance to a non-autofocus camera.) Note that this does apply to front-facing cameras; for instance, even though most front-facing cameras do not support autofocus, the API callbacks must still be “faked” as described.
android.hardware.Camera.Parameters
class. Conversely, device implementations MUST NOT honor or recognize string constants passed to the android.hardware.Camera.setParameters()
method other than those documented as constants on the android.hardware.Camera.Parameters
. That is, device implementations MUST support all standard Camera parameters if the hardware allows, and MUST NOT support custom Camera parameter types. For instance, device implementations that support image capture using high dynamic range (HDR) imaging techniques MUST support camera parameter Camera.SCENE_MODE_HDR
.
android.info.supportedHardwareLevel
property as described in the Android SDK and report the appropriate framework feature flags.
android.hardware.camera2
via the android.request.availableCapabilities
property and declare the appropriate feature flags; MUST define the feature flag if any of its attached camera devices supports the feature.
Camera.ACTION_NEW_PICTURE
intent whenever a new picture is taken by the camera and the entry of the picture has been added to the media store.
Camera.ACTION_NEW_VIDEO
intent whenever a new video is recorded by the camera and the entry of the picture has been added to the media store.
CameraMetadata.REQUEST_AVAILABLE_CAPABILITIES_LOGICAL_MULTI_CAMERA
, for devices with multiple cameras facing the same direction, consisting of each physical camera facing that direction, as long as the physical camera type is supported by the framework and CameraCharacteristics.INFO_SUPPORTED_HARDWARE_LEVEL
for the physical cameras is either LIMITED
, FULL
, or LEVEL_3
.
If device implementations have a front- or a rear-facing camera, such camera(s):
Device implementations:
Device implementations:
sdcard
or include a Linux symbolic link from sdcard
to the actual mount point.
android.permission.WRITE_EXTERNAL_STORAGE
permission on this shared storage as documented in the SDK. Shared storage MUST otherwise be writable by any application that obtains that permission.
Device implementations MAY meet the above requirements using either of the following:
If device implementations use removable storage to satisfy the above requirements, they:
If device implementations use a portion of the non-removable storage to satisfy the above requirements, they:
If device implementations include multiple shared storage paths (such as both an SD card slot and shared internal storage), they:
WRITE_EXTERNAL_STORAGE
permission to write to the secondary external storage, except when writing to their package-specific directories or within the URI
returned by firing the ACTION_OPEN_DOCUMENT_TREE
intent.
If device implementations have a USB port with USB peripheral mode support, they:
android.provider.MediaStore
.
If device implementations have a USB port with USB peripheral mode and support Media Transfer Protocol, they:
If the device is expected to be mobile in nature unlike Television, device implementations are:
If the removable storage device port is in a long-term stable location, such as within the battery compartment or other protective cover, device implementations are:
If device implementations have a USB port, they:
If device implementations include a USB port supporting peripheral mode:
iSerialNumber
in USB standard device descriptor through android.os.Build.SERIAL
.
If device implementations include a USB port and implement the AOA specification, they:
android.hardware.usb.accessory
.
iInterface
string of the USB mass storage
If device implementations include a USB port supporting host mode, they:
android.hardware.usb.host
.
If device implementations include a USB port supporting host mode and the USB audio class, they:
KeyEvent
constants as below:
KEYCODE_MEDIA_PLAY_PAUSE
KEYCODE_VOLUME_UP
KEYCODE_VOLUME_DOWN
KEYCODE_VOICE_ASSIST
If device implementations include a USB port supporting host mode and the Storage Access Framework (SAF), they:
ACTION_GET_CONTENT
, ACTION_OPEN_DOCUMENT
, and ACTION_CREATE_DOCUMENT
intents. .
If device implementations include a USB port supporting host mode and USB Type-C, they:
If device implementations include a microphone, they:
android.hardware.microphone
feature constant.
If device implementations omit a microphone, they:
android.hardware.microphone
feature constant.
If device implementations include a speaker or an audio/multimedia output port for an audio output peripheral such as a 4 conductor 3.5mm audio jack or USB host mode port using USB audio class, they:
android.hardware.audio.output
feature constant.
If device implementations do not include a speaker or audio output port, they:
android.hardware.audio.output
feature.
For the purposes of this section, an "output port" is a physical interface such as a 3.5mm audio jack, HDMI, or USB host mode port with USB audio class. Support for audio output over radio-based protocols such as Bluetooth, WiFi, or cellular network does not qualify as including an "output port".
In order to be compatible with the headsets and other audio accessories using the 3.5mm audio plug across the Android ecosystem, if device implementations include one or more analog audio ports, they:
If device implementations have a 4 conductor 3.5mm audio jack, they:
KEYCODE_HEADSETHOOK
KEYCODE_VOLUME_UP
KEYCODE_VOLUME_DOWN
ACTION_HEADSET_PLUG
upon a plug insert, but only after all contacts on plug are touching their relevant segments on the jack.
KEYCODE_VOICE_ASSIST
If device implementations have a 4 conductor 3.5mm audio jack and support a microphone, and broadcast the android.intent.action.HEADSET_PLUG
with the extra value microphone set as 1, they:
Near-Ultrasound audio is the 18.5 kHz to 20 kHz band.
Device implementations:
If PROPERTY_SUPPORT_MIC_NEAR_ULTRASOUND
is "true", the following requirements MUST be met by the VOICE_RECOGNITION
and UNPROCESSED
audio sources:
If PROPERTY_SUPPORT_SPEAKER_NEAR_ULTRASOUND
is "true":
Android includes APIs and facilities to build "Virtual Reality" (VR) applications including high quality mobile VR experiences. Device implementations MUST properly implement these APIs and behaviors, as detailed in this section.
Android includes support for VR Mode, a feature which handles stereoscopic rendering of notifications and disables monocular system UI components while a VR application has user focus.
If device implementations support VR mode, they:
android.hardware.vr.high_performance
feature.
android.hardware.vulkan.level
0.
android.hardware.vulkan.level
1 or higher.
EGL_KHR_mutable_render_buffer
, EGL_ANDROID_front_buffer_auto_refresh
, EGL_ANDROID_get_native_client_buffer
, EGL_KHR_fence_sync
, EGL_KHR_wait_sync
, EGL_IMG_context_priority
, EGL_EXT_protected_content
, EGL_EXT_image_gl_colorspace
, and expose the extensions in the list of available EGL extensions.
GL_EXT_multisampled_render_to_texture2
, GL_OVR_multiview
, GL_OVR_multiview2
, GL_OVR_multiview_multisampled_render_to_texture
, GL_EXT_protected_textures
, GL_EXT_EGL_image_array
, GL_EXT_external_buffer
, and expose the extensions in the list of available GL extensions.
VK_KHR_shared_presentable_image
, VK_GOOGLE_display_timing
and expose the extensions in the list of available Vulkan extensions.
flags
contain both VK_QUEUE_GRAPHICS_BIT
and VK_QUEUE_COMPUTE_BIT
, and queueCount
is at least 2.
VK_ANDROID_external_memory_android_hardware_buffer
and expose it in the list of available Vulkan extensions.
AHardwareBuffer
flags AHARDWAREBUFFER_USAGE_GPU_DATA_BUFFER
, AHARDWAREBUFFER_USAGE_SENSOR_DIRECT_DATA
and AHARDWAREBUFFER_USAGE_PROTECTED_CONTENT
as described in the NDK.
AHardwareBuffers
with more than one layer and any combination of the usage flags AHARDWAREBUFFER_USAGE_GPU_COLOR_OUTPUT
, AHARDWAREBUFFER_USAGE_GPU_SAMPLED_IMAGE
, AHARDWAREBUFFER_USAGE_PROTECTED_CONTENT
for at least the following formats: AHARDWAREBUFFER_FORMAT_R5G6B5_UNORM
, AHARDWAREBUFFER_FORMAT_R8G8B8A8_UNORM
, AHARDWAREBUFFER_FORMAT_R10G10B10A2_UNORM
, AHARDWAREBUFFER_FORMAT_R16G16B16A16_FLOAT
.
HardwarePropertiesManager.getDeviceTemperatures
API and return accurate values for skin temperature.
TYPE_ACCELEROMETER
TYPE_ACCELEROMETER_UNCALIBRATED
TYPE_GYROSCOPE
TYPE_GYROSCOPE_UNCALIBRATED
TYPE_MAGNETIC_FIELD
TYPE_MAGNETIC_FIELD_UNCALIBRATED
TYPE_HARDWARE_BUFFER
direct channel type for all Direct Channel Types listed above.
android.hardware.hifi_sensors
, as specified in section 7.3.9.
android.hardware.sensor.hifi_sensors
feature.
Process.getExclusiveCores
API to return the numbers of the cpu cores that are exclusive to the top foreground application.
If exclusive core is supported, then the core:
Some minimum performance and power criteria are critical to the user experience and impact the baseline assumptions developers would have when developing an app.
A smooth user interface can be provided to the end user if there are certain minimum requirements to ensure a consistent frame rate and response times for applications and games. Device implementations, depending on the device type, MAY have measurable requirements for the user interface latency and task switching as described in section 2.
Providing a common baseline for a consistent file access performance on the application private data storage (/data
partition) allows app developers to set a proper expectation that would help their software design. Device implementations, depending on the device type, MAY have certain requirements described in section 2 for the following read and write operations:
If device implementations include features to improve device power management that are included in AOSP or extend the features that are included in AOSP, they:
true
for PowerManager.isPowerSaveMode()
when the device is on power save mode.
In addition to the power-saving modes, Android device implementations MAY implement any or all of the 4 sleeping power states as defined by the Advanced Configuration and Power Interface (ACPI).
If device implementations implement S3 and S4 power states as defined by the ACPI, they:
A more accurate accounting and reporting of the power consumption provides the app developer both the incentives and the tools to optimize the power usage pattern of the application.
Device implementations:
uid_cputime
kernel module implementation.
adb shell dumpsys batterystats
shell command to the app developer.
Performance can fluctuate dramatically for high-performance long-running apps, either because of the other apps running in the background or the CPU throttling due to temperature limits. Android includes programmatic interfaces so that when the device is capable, the top foreground application can request that the system optimize the allocation of the resources to address such fluctuations.
Device implementations:
[C-0-1] MUST report the support of Sustained Performance Mode accurately through the PowerManager.isSustainedPerformanceModeSupported()
API method.
SHOULD support Sustained Performance Mode.
If device implementations report support of Sustained Performance Mode, they:
Window.setSustainedPerformanceMode()
API and other related APIs.
If device implementations include two or more CPU cores, they:
If device implementations support reserving one exclusive core for the top foreground application, they:
Process.getExclusiveCores()
API method the ID numbers of the exclusive cores that can be reserved by the top foreground application.
If device implementations do not support an exclusive core, they:
Process.getExclusiveCores()
API method.
Device implementations:
[C-0-1] MUST implement a security model consistent with the Android platform security model as defined in Security and Permissions reference document in the APIs in the Android developer documentation.
[C-0-2] MUST support installation of self-signed applications without requiring any additional permissions/certificates from any third parties/authorities. Specifically, compatible devices MUST support the security mechanisms described in the follow subsections.
Device implementations:
[C-0-1] MUST support the Android permissions model as defined in the Android developer documentation. Specifically, they MUST enforce each permission defined as described in the SDK documentation; no permissions may be omitted, altered, or ignored.
MAY add additional permissions, provided the new permission ID strings are not in the android.\*
namespace.
[C-0-2] Permissions with a protectionLevel
of PROTECTION_FLAG_PRIVILEGED
MUST only be granted to apps preloaded in the privileged path(s) of the system image and within the subset of the explicitly whitelisted permissions for each app. The AOSP implementation meets this requirement by reading and honoring the whitelisted permissions for each app from the files in the etc/permissions/
path and using the system/priv-app
path as the privileged path.
Permissions with a protection level of dangerous are runtime permissions. Applications with targetSdkVersion
> 22 request them at runtime.
Device implementations:
android.permission.RECOVER_KEYSTORE
permission only to system apps that register a properly secured Recovery Agent. A properly secured Recovery Agent is defined as an on-device software agent that synchronizes with an off-device remote storage, that is equipped with secure hardware with protection equivalent or stronger than what is described in Google Cloud Key Vault Service to prevent brute-force attacks on the lockscreen knowledge factor.
If device implementations include a pre-installed app or wish to allow third-party apps to access the usage statistics, they:
android.settings.ACTION_USAGE_ACCESS_SETTINGS
intent for apps that declare the android.permission.PACKAGE_USAGE_STATS
permission.
If device implementations intend to disallow any apps, including pre-installed apps, from accessing the usage statistics, they:
android.settings.ACTION_USAGE_ACCESS_SETTINGS
intent pattern but MUST implement it as a no-op, that is to have an equivalent behavior as when the user is declined for access.
Device implementations:
Device implementations:
Device implementations MUST keep consistency of the Android security and permission model, even if they include runtime environments that execute applications using some other software or technology than the Dalvik Executable Format or native code. In other words:
[C-0-1] Alternate runtimes MUST themselves be Android applications, and abide by the standard Android security model, as described elsewhere in section 9.
[C-0-2] Alternate runtimes MUST NOT be granted access to resources protected by permissions not requested in the runtime’s AndroidManifest.xml
file via the <uses-permission
> mechanism.
[C-0-3] Alternate runtimes MUST NOT permit applications to make use of features protected by Android permissions restricted to system applications.
[C-0-4] Alternate runtimes MUST abide by the Android sandbox model and installed applications using an alternate runtime MUST NOT reuse the sandbox of any other app installed on the device, except through the standard Android mechanisms of shared user ID and signing certificate.
[C-0-5] Alternate runtimes MUST NOT launch with, grant, or be granted access to the sandboxes corresponding to other Android applications.
[C-0-6] Alternate runtimes MUST NOT be launched with, be granted, or grant to other applications any privileges of the superuser (root), or of any other user ID.
[C-0-7] When the .apk
files of alternate runtimes are included in the system image of device implementations, it MUST be signed with a key distinct from the key used to sign other applications included with the device implementations.
[C-0-8] When installing applications, alternate runtimes MUST obtain user consent for the Android permissions used by the application.
[C-0-9] When an application needs to make use of a device resource for which there is a corresponding Android permission (such as Camera, GPS, etc.), the alternate runtime MUST inform the user that the application will be able to access that resource.
[C-0-10] When the runtime environment does not record application capabilities in this manner, the runtime environment MUST list all permissions held by the runtime itself when installing any application using that runtime.
Alternate runtimes SHOULD install apps via the PackageManager
into separate Android sandboxes (Linux user IDs, etc.).
Alternate runtimes MAY provide a single Android sandbox shared by all applications using the alternate runtime.
Android includes support for multiple users and provides support for full user isolation.
If device implementations include multiple users, they:
/sdcard
) directories for each user instance.
If device implementations include multiple users and do not declare the android.hardware.telephony
feature flag, they:
If device implementations include multiple users and declare the android.hardware.telephony
feature flag, they:
Android includes support for warning users of any outgoing premium SMS message. Premium SMS messages are text messages sent to a service registered with a carrier that may incur a charge to the user.
If device implementations declare support for android.hardware.telephony
, they:
/data/misc/sms/codes.xml
file in the device. The upstream Android Open Source Project provides an implementation that satisfies this requirement.
Device implementations MUST ensure compliance with security features in both the kernel and platform as described below.
The Android Sandbox includes features that use the Security-Enhanced Linux (SELinux) mandatory access control (MAC) system, seccomp sandboxing, and other security features in the Linux kernel. Device implementations:
Kernel integrity and self-protection features are integral to Android security. Device implementations:
CONFIG_CC_STACKPROTECTOR_STRONG
).
CONFIG_DEBUG_RODATA
or CONFIG_STRICT_KERNEL_RWX
).
CONFIG_HARDENED_USERCOPY
) on devices originally shipping with API level 28 or higher.
CONFIG_CPU_SW_DOMAIN_PAN
or CONFIG_ARM64_SW_TTBR0_PAN
) on devices originally shipping with API level 28 or higher.
CONFIG_CPU_SW_DOMAIN_PAN
or CONFIG_ARM64_SW_TTBR0_PAN
) on devices originally shipping with API level 28 or higher.
CONFIG_PAGE_TABLE_ISOLATION
or `CONFIG_UNMAP_KERNEL_AT_EL0).
__ro_after_init
).
CONFIG_RANDOMIZE_BASE
with bootloader entropy via the /chosen/kaslr-seed Device Tree node
or EFI_RNG_PROTOCOL
).
If device implementations use a Linux kernel, they:
If device implementations use kernel other than Linux, they:
Android contains multiple defense-in-depth features that are integral to device security.
Device implementations:
Android stores the history of the user's choices and manages such history by UsageStatsManager.
Device implementations:
Android stores the system events using the StatsLog
identifiers, and manages such history via the StatsManager
and the IncidentManager
System API.
Device implementations:
DEST_AUTOMATIC
in the incident report created by the System API class IncidentManager
.
StatsLog
SDK documents. If additional system events are logged, they MAY use a different atom identifier in the range between 100,000 and 200,000.
Device implementations:
If device implementations include functionality in the system that captures the contents displayed on the screen and/or records the audio stream played on the device, they:
If device implementations include a component enabled out-of-box, capable of recording ambient audio to infer useful information about user’s context, they:
If device implementations have a USB port with USB peripheral mode support, they:
Device implementations:
If device traffic is routed through a VPN, device implementations:
If device implementations have a mechanism, enabled out-of-box by default, that routes network data traffic through a proxy server or VPN gateway (for example, preloading a VPN service with android.permission.CONTROL_VPN
granted), they:
DevicePolicyManager.setAlwaysOnVpnPackage()
, in which case the user does not need to provide a separate consent, but MUST only be notified.
If device implementations implement a user affordance to toggle on the "always-on VPN" function of a 3rd-party VPN app, they:
AndroidManifest.xml
file via setting the SERVICE_META_DATA_SUPPORTS_ALWAYS_ON
attribute to false
.
If Advanced Encryption Standard (AES) crypto performance, measured with the most performant AES technology available on the device (e.g. the ARM Cryptography Extensions), is above 50 MiB/sec, device implementations:
/data
partition), as well as the application shared storage partition (/sdcard
partition) if it is a permanent, non-removable part of the device, except for device implementations that are typically shared (e.g. Television).
If device implementations are already launched on an earlier Android version and cannot meet the requirement through a system software update, they MAY be exempted from the above requirements.
Device implementations:
Device implementations:
[C-0-1] MUST implement the Direct Boot mode APIs even if they do not support Storage Encryption.
[C-0-2] The ACTION_LOCKED_BOOT_COMPLETED
and ACTION_USER_UNLOCKED
Intents MUST still be broadcast to signal Direct Boot aware applications that Device Encrypted (DE) and Credential Encrypted (CE) storage locations are available for user.
If device implementations support FBE, they:
ACTION_LOCKED_BOOT_COMPLETED
message is broadcasted.
ACTION_USER_UNLOCKED
message is broadcasted.
[C-1-6] MUST support encrypting file names using AES-256 in CBC-CTS mode.
The keys protecting CE and DE storage areas:
[C-1-7] MUST be cryptographically bound to a hardware-backed Keystore.
[C-1-10] MUST be unique and distinct, in other words no user's CE or DE key matches any other user's CE or DE keys.
[C-1-11] MUST use the mandatorily supported ciphers, key lengths and modes by default.
[C-SR] Are STRONGLY RECOMMENDED to encrypt file system metadata, such as file sizes, ownership, modes, and Extended attributes (xattrs), with a key cryptographically bound to the device's hardware root of trust.
SHOULD make preloaded essential apps (e.g. Alarm, Phone, Messenger) Direct Boot aware.
The upstream Android Open Source project provides a preferred implementation of this feature based on the Linux kernel ext4 encryption feature.
If device implementations support full disk encryption (FDE), they:
The upstream Android Open Source project provides a preferred implementation of this feature, based on the Linux kernel feature dm-crypt.
The following requirements ensures there is transparency to the status of the device integrity. Device implementations:
[C-0-1] MUST correctly report through the System API method PersistentDataBlockManager.getFlashLockState()
whether their bootloader state permits flashing of the system image. The FLASH_LOCK_UNKNOWN
state is reserved for device implementations upgrading from an earlier version of Android where this new system API method did not exist.
[C-0-2] MUST support Verified Boot for device integrity.
If device implementations are already launched without supporting Verified Boot on an earlier version of Android and can not add support for this feature with a system software update, they MAY be exempted from the requirement.
Verified Boot is a feature that guarantees the integrity of the device software. If device implementations support the feature, they:
android.software.verified_boot
.
/system
, which is protected by Verified Boot.
If device implementations are already launched without supporting C-1-8 through C-1-10 on an earlier version of Android and can not add support for these requirements with a system software update, they MAY be exempted from the requirements.
The upstream Android Open Source Project provides a preferred implementation of this feature in the external/avb/
repository, which can be integrated into the bootloader used for loading Android.
Device implementations:
If device implementations support the Android Protected Confirmation API they:
true
for the ConfirmationPrompt.isSupported()
API.
The Android Keystore System allows app developers to store cryptographic keys in a container and use them in cryptographic operations through the KeyChain API or the Keystore API. Device implementations:
When the device implementation supports a secure lock screen, it:
Note that if a device implementation is already launched on an earlier Android version, such a device is exempted from the requirement to have a keystore backed by an isolated execution environment and support the key attestation, unless it declares the android.hardware.fingerprint
feature which requires a keystore backed by an isolated execution environment.
The AOSP implementation follows a tiered authentication model where a knowledge-factory based primary authentication can be backed by either a secondary strong biometric, or by weaker tertiary modalities.
Device implementations:
Note that the above authentication methods are referred as the recommended primary authentication methods in this document.
If device implementations add or modify the recommended primary authentication methods and use a new authentication method as a secure way to lock the screen, the new authentication method:
createConfirmDeviceCredentialIntent
and setUserAuthenticationRequired
.
If device implementations add or modify the authentication methods to unlock the lock screen if based on a known secret and use a new authentication method to be treated as a secure way to lock the screen:
DevicePolicyManager.setPasswordQuality()
method with a more restrictive quality constant than PASSWORD_QUALITY_SOMETHING
.
If device implementations add or modify the recommended primary authentication methods to unlock the lock screen and use a new authentication method that is based on biometrics to be treated as a secure way to lock the screen, the new method:
DevicePolicyManager.setKeyguardDisabledFeatures()
, with any of the associated biometric flags (i.e. KEYGUARD_DISABLE_BIOMETRICS
, KEYGUARD_DISABLE_FINGERPRINT
, KEYGUARD_DISABLE_FACE
, or KEYGUARD_DISABLE_IRIS
).
DevicePolicyManager.setPasswordQuality()
method with a more restrictive quality constant than PASSWORD_QUALITY_BIOMETRIC_WEAK
.
true
for KeyGenParameterSpec.Built.setUserAuthenticationRequired()
and the biometric is passive (e.g. face or iris where no explicit signal of intent exists).
If the biometric authentication methods do not meet the spoof and imposter acceptance rates as described in section 7.3.10:
DevicePolicyManager.setPasswordQuality()
method with a more restrictive quality constant than PASSWORD_QUALITY_BIOMETRIC_WEAK
.
If device implementations add or modify the authentication methods to unlock the lock screen and a new authentication method is based on a physical token or the location:
DevicePolicyManager.setKeyguardDisabledFeatures(KEYGUARD_DISABLE_TRUST_AGENTS)
method or the DevicePolicyManager.setPasswordQuality()
method with a more restrictive quality constant than PASSWORD_QUALITY_UNSPECIFIED
.
If device implementations have a secure lock screen and include one or more trust agent, which implements the TrustAgentService
System API, they:
DevicePolicyManager
class, such as the KEYGUARD_DISABLE_TRUST_AGENTS
constant.
TrustAgentService.addEscrowToken()
function on a device that is used as a primary personal device (e.g. handheld) but MAY fully implement the function on device implementations that are typically shared (e.g. Android Television or Automotive device).
TrustAgentService.addEscrowToken()
.
If device implementations add or modify the authentication methods to unlock the lock screen that is not a secure lock screen as described above, and use a new authentication method to unlock the keyguard:
DevicePolicyManager.setPasswordQuality()
method with a more restrictive quality constant than PASSWORD_QUALITY_UNSPECIFIED
.
DevicePolicyManager.setPasswordExpirationTimeout()
.
true
for KeyGenParameterSpec.Builder.setUserAuthenticationRequired()
).
The Android Keystore System allows app developers to store cryptographic keys in a dedicated secure processor as well as the isolated execution environment described above.
Device implementations:
If device implementations support StrongBox, they:
[C-1-1] MUST declare FEATURE_STRONGBOX_KEYSTORE.
[C-1-2] MUST provide dedicated secure hardware that is used to back keystore and secure user authentication.
[C-1-3] MUST have a discrete CPU that shares no cache, DRAM, coprocessors or other core resources with the application processor (AP).
[C-1-4] MUST ensure that any peripherals shared with the AP cannot alter StrongBox processing in any way, or obtain any information from the StrongBox. The AP MAY disable or block access to StrongBox.
[C-1-5] MUST have an internal clock with reasonable accuracy (+-10%) that is immune to manipulation by the AP.
[C-1-6] MUST have a true random number generator that produces uniformly-distributed and unpredictable output.
[C-1-7] MUST have tamper resistance, including resistance against physical penetration, and glitching.
[C-1-8] MUST have side-channel resistance, including resistance against leaking information via power, timing, electromagnetic radiation, and thermal radiation side channels.
[C-1-9] MUST have secure storage which ensures confidentiality, integrity, authenticity, consistency, and freshness of the contents. The storage MUST NOT be able to be read or altered, except as permitted by the StrongBox APIs.
To validate compliance with [C-1-3] through [C-1-9], device implementations:
[C-SR] are STRONGLY RECOMMENDED to provide insider attack resistance (IAR), which means that an insider with access to firmware signing keys cannot produce firmware that causes the StrongBox to leak secrets, to bypass functional security requirements or otherwise enable access to sensitive user data. The recommended way to implement IAR is to allow firmware updates only when the primary user password is provided via the IAuthSecret HAL. IAR will likely become a requirement in a future release.
All device implementations:
DevicePolicyManager.wipeData()
API is called by the primary user's Device Policy Controller app.
Android provides Safe Boot Mode, which allows users to boot up into a mode where only preinstalled system apps are allowed to run and all third-party apps are disabled. This mode, known as "Safe Boot Mode", provides the user the capability to uninstall potentially harmful third-party apps.
Device implementations are:
If device implementations implement Safe Boot Mode, they:
[C-1-1] MUST provide the user an option to enter Safe Boot Mode in such a way that is uninterruptible from third-party apps installed on the device, except when the third-party app is a Device Policy Controller and has set the UserManager.DISALLOW_SAFE_BOOT
flag as true.
[C-1-2] MUST provide the user the capability to uninstall any third-party apps within Safe Mode.
SHOULD provide the user an option to enter Safe Boot Mode from the boot menu using a workflow that is different from that of a normal boot.
Android Automotive devices are expected to exchange data with critical vehicle subsystems by using the vehicle HAL to send and receive messages over vehicle networks such as CAN bus.
The data exchange can be secured by implementing security features below the Android framework layers to prevent malicious or unintentional interaction with these subsystems.
"Subscription plans" refer to the billing relationship plan details provided by a mobile carrier through SubscriptionManager.setSubscriptionPlans()
.
All device implementations:
SubscriptionManager.setSubscriptionOverrideCongested()
, from the mobile carrier app currently providing valid subscription plans.
Device implementations MUST pass all tests described in this section. However, note that no software test package is fully comprehensive. For this reason, device implementers are STRONGLY RECOMMENDED to make the minimum number of changes as possible to the reference and preferred implementation of Android available from the Android Open Source Project. This will minimize the risk of introducing bugs that create incompatibilities requiring rework and potential device updates.
Device implementations:
[C-0-1] MUST pass the Android Compatibility Test Suite (CTS) available from the Android Open Source Project, using the final shipping software on the device.
[C-0-2] MUST ensure compatibility in cases of ambiguity in CTS and for any reimplementations of parts of the reference source code.
The CTS is designed to be run on an actual device. Like any software, the CTS may itself contain bugs. The CTS will be versioned independently of this Compatibility Definition, and multiple revisions of the CTS may be released for Android 9.
Device implementations:
[C-0-3] MUST pass the latest CTS version available at the time the device software is completed.
SHOULD use the reference implementation in the Android Open Source tree as much as possible.
The CTS Verifier is included with the Compatibility Test Suite, and is intended to be run by a human operator to test functionality that cannot be tested by an automated system, such as correct functioning of a camera and sensors.
Device implementations:
The CTS Verifier has tests for many kinds of hardware, including some hardware that is optional.
Device implementations:
Test cases for features noted as optional by this Compatibility Definition Document MAY be skipped or omitted.
[C-0-1] Device implementations MUST include a mechanism to replace the entirety of the system software. The mechanism need not perform “live” upgrades—that is, a device restart MAY be required. Any method can be used, provided that it can replace the entirety of the software preinstalled on the device. For instance, any of the following approaches will satisfy this requirement:
[C-0-2] The update mechanism used MUST support updates without wiping user data. That is, the update mechanism MUST preserve application private data and application shared data. Note that the upstream Android software includes an update mechanism that satisfies this requirement.
If the device implementations include support for an unmetered data connection such as 802.11 or Bluetooth PAN (Personal Area Network) profile, then, they:
For device implementations that are launching with Android 6.0 and later, the update mechanism SHOULD support verifying that the system image is binary identical to expected result following an OTA. The block-based OTA implementation in the upstream Android Open Source Project, added since Android 5.1, satisfies this requirement.
Also, device implementations SHOULD support A/B system updates. The AOSP implements this feature using the boot control HAL.
If an error is found in a device implementation after it has been released but within its reasonable product lifetime that is determined in consultation with the Android Compatibility Team to affect the compatibility of third-party applications, then:
Android includes features that allow the Device Owner app (if present) to control the installation of system updates. If the system update subsystem for devices report android.software.device_admin then, they:
For a summary of changes to the Compatibility Definition in this release:
For a summary of changes to individuals sections:
Changes are marked as follows:
CDD
Substantive changes to the compatibility requirements.
Docs
Cosmetic or build related changes.
For best viewing, append the pretty=full
and no-merges
URL parameters to your changelog URLs.
You can join the android-compatibility forum and ask for clarifications or bring up any issues that you think the document does not cover.