While Samsung Galaxy devices had new restrictions on microSD read/write access, it was hard to say whether this was the start of a trend for all Android OEMs as restrictions on microSD were bypassed by most OEMs, as the vast majority of functionality such as moving apps to microSD were ported to Android 4.x builds. The story is more than just about Android 4.4 though, as the change in microSD functionality happened some time in the 3.x releases of Honeycomb.

Before Honeycomb, Android was heavily reliant upon microSD cards, as the vast majority of smartphones carried forward the storage model from the days of Windows Mobile, with very little internal storage for the OS and its applications. Everything else had to be placed on a microSD card, which meant the OS was useless if the microSD card was ejected. The same was true of most early Android smartphones. This is the model that most everyone is familiar with. Any application could read and write anywhere they wished on the microSD card with appropriate permissions.

The new model arrived with Honeycomb, which placed permission controls on the microSD card. This disallowed any third party application from writing to the microSD card, although they could write to their own private folder on the microSD card, much like how applications can write to their own folder on /data/apps/ but they can't modify any other folder in that directory. With permission to write to external storage, it is possible to read any file on the microSD card that isn’t a private folder, but it isn’t possible to write to any other folder. The permission to write to any folder on the microSD card is now limited to system/OS applications only.

This means that while Google Play Edition devices like the LG G Pad and Samsung Galaxy S4 followed the behavior that was set by Google as far back as Honeycomb, devices like the Galaxy S4 with TouchWiz never had such restrictions on microSD, custom ROMs altered the restrictions that Google had placed, and in general, microSD behavior continued to work as it did in Android 2.3 for the vast majority of people using Android.

The big news isn’t that Samsung is adopting the change. Rather, it seems that Google is now enforcing this change in microSD behavior across all OEMs. Presumably, this means that the Android CTS (Compatibility Test Suite) now requires compliance with the new system of accessing microSD storage. Based upon user feedback, both Samsung and HTC devices with microSD slots are no longer capable of allowing user applications to write to folders outside of the application’s private folder. While it was once hard to say whether this would only be followed by a few OEMs, it seems that this standard is well on track to universal adoption.

This sounds like a major issue, but Google has clearly planned this out, as the Storage Access Framework feature in Android 4.4 allows file manipulation of data on the microSD slot and can provide access to data on the microSD card without allowing free access of all data on the microSD card. At any rate, an example of the SAF UI can be seen below.

What seems to throw a wrench into everything is that the primary internal storage partition still has the same behavior as microSD cards before Honeycomb. This means that any data in the /data/media/ directory has no permission control. It seems that Google has backed themselves into a corner in a way, because this odd inconsistency is needed to maintain backwards compatibility with applications that still assume that /sdcard/ can be written to in any manner, and any file on /sdcard/ can be read as well. Google also hasn't done anything about USB-OTG storage, which is still left up to the OEM to decide implementation. That means nothing changes when it comes to primary internal storage and USB storage.

Some may say that this is a clear attempt to kill off expandable storage and attempt to force cloud storage upon more users, but recent events have made it clear that this is a move targeted at OS security, as the popular chat application Whatsapp could have all messages easily accessed by any application that could read the SD card. On 4.4, despite the lack of security on the part of the developer, such a security breach wouldn’t be possible. However, whether this gain in security is worth the transition period between a robust permissions system for microSD/FAT systems on Android and the status quo is another question entirely, and is one that may not have an answer.

POST A COMMENT

43 Comments

View All Comments

  • Tarwin - Thursday, March 13, 2014 - link

    Is the whatsapp example valid? It saves to the primary memory from what I know, whether that's internal or microSD. This means that it still has the same vulnerability asbefore.

    Secondly, this limits the usage of an external microSD greatly. File managerno longer manage files, they only read them. Download programs can no longer download to the external memory card. Heck, I personally prefer to manage the media content on my phone and tablet via Wi-Fi by directly connecting to my low-end home NAS (a Seagate goflex home drive). I won't be able to do that anymore.

    Also, I haven't seen any program yet which lets me install to the EXTERNAL SD card...

    This wouldn't bug me so much if we had Android phones with 128GB of memory so that I could continue using those apps like file managers and download managers... But unfortunately 32GB is still the norm for high end and low end is even worse.
    Reply
  • marcardar - Friday, March 14, 2014 - link

    I agree - this seems to have little to do with the Whatsapp example. Any Android app can request READ_EXTERNAL_STORAGE permission and access the database. At least that is certainly true for devices with no SD card slot. For devices with an SD card slot, it depends whether "external storage" points to the SD card are some internal flash storage. If the external storage points to the SD card, then I think READ_EXTERNAL_STORAGE permission is sufficient (to read the SD card) even in 4.4. Reply
  • blanarahul - Friday, March 14, 2014 - link

    I didn't understand a single word of the second last paragraph. Reply
  • JoshHo - Friday, March 14, 2014 - link

    That's the thing, I suspect that Google would like to implement a similar system on primary storage but it would break tons of applications as a result. Long term though, I wouldn't be surprised to see a move towards the same system that we now see on microSD cards.

    It does for now, but Google is clearly trying to do something about it with the SAF, which effectively replaces file managers from the play store.

    As for installing applications to external SD, this is a common feature on some OEM phones.
    Reply
  • Tarwin - Friday, March 14, 2014 - link

    I remember the "move to SD" but I personally haven't seen the option on any 4+ devices which have a passable amount of internal memory. Even on some newer lower end phones which only have two gigs left for user access they didn't have the option to install to external SD. It's also why some people were seriously complaining about the M.O.J.O. since games can take up quite a bit of space and sixteen gigs is seriously not enough.

    I have known of custom ROMS with the option and apps which give you the functionality on rooted devices, but not OEM devices that have anything newer than 2.3. Can you name some deviceswhich have the option? I'd loveto be proven wrong/corrected as then this would make a little more sense
    Reply
  • digi_owl - Saturday, March 15, 2014 - link

    The "move to SD" was never about true SD cards. It was implemented because OEMs started partitioning internal storage space, and pointing the Android SD slot APIs to one of those partitions.

    Ever since the confusion have lingered in the Android APIs, and this latest change is adding further confusion.
    Reply
  • Tarwin - Saturday, March 15, 2014 - link

    Oh, I know, it's just that JoshHo said "As for installing applications to external SD, this is a common feature on some OEM phones." And I was just saying that the last time I saw anything even resembling that feature was the "move to SD", though it was used with true SD cards when the internal storage was very limited (.e.g. the HTC Sensation) Reply
  • digi_owl - Sunday, March 16, 2014 - link

    Yeah, it rarely shows up in 4.x because Google introduced the option to union mount a FAT "partition" on top of a directory in the EXT based main partition. Thus sharing internal storage space between apps and user files without breaking the house of cards that started with OEMs mounting a partition as if it was a SD card. Reply
  • vdidenko - Thursday, March 13, 2014 - link

    Not sure, how file management applications like Nexus Media Importer https://play.google.com/store/apps/details?id=com.... work then? It does work on both Nexus 5 and 10 with OS version 4.4.2. It did not work for what seems to be described reasons with 4.4.0 and 4.4.1 - but works fine in 4.4.2. Reply
  • rstuart - Thursday, March 13, 2014 - link

    Yeah, there is something not quite right with the description. File manager apps have continued to work since the release of Honeycomb. I notice they all have a "Modify or delete the contents of your USB storage" permission. The stuff you can modify and delete lives under /sdcard and also /storage on a Nexus. What you could not do is modify stuff under / - but you can look at some of it. Reply

Log in

Don't have an account? Sign up now