1. Upgrade the compilation environment
development environment
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
|
Modification of TargetSdkVersion >=34
Limitations on implicit intents and pending intents
For apps targeting Android 14, Android restricts apps from sending implicit intents to internal app components in the following ways:
- Implicit intents can only be delivered to exported components. Apply
必须使用显式 intent 传送到未导出的组件
with package name to jump, or将该组件标记为已导出。
- The system now throws an exception if an app creates a mutable pending intent from an intent that does not specify a component or package.
These changes prevent malicious apps from intercepting implicit intents intended for components inside the app.
1 2 3 4 5 6 7 8 9 10 11 12 |
|
Broadcast receivers registered at runtime must specify export behavior
On Android 14, the runtime dynamically registers the broadcast receiver through Context#registerReceiver()
and needs to set the flag RECEIVER_EXPORTED
or RECEIVER_NOT_EXPORTED
, identifies whether to export the broadcast to avoid security vulnerabilities in the application. If a system broadcast is registered, there is no need to specify a tag.
Third-party SDK compatible modification methods:
If it is difficult to adapt to the third-party SDK, you can first override the broadcast registration method in Activity or Application. If there is no exportable flag, you can add it manually.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
|
Secure dynamic code loading (plug-in/hot update)
new DexClassLoad(x,x,x,)
DexFile.loadFile(x) will throw an exception
Set dynamic files (such as DEX, JAR or APK files) to read-only immediately before they are opened and any content is written. Plug-inization and hot fixes involving ClassLoad to load code will immediately report an error if the file has write permissions.
Change the properties of the newly downloaded file to read-only. If it is an existing file, it is best to delete it first and then download it again and set the read-only permission.
1 2 3 4 5 6 7 8 9 10 11 12 13 |
|
Compression path traversal
For apps targeting Android 14, Android prevents Zip path traversal vulnerabilities by: If the Zip file entry name contains ".." or begins with "/",ZipFile(String)
and ZipInputStream.getNextEntry()
will throw ZipException
.
Applications can choose to disable this verification by calling dalvik.system.ZipPathValidator.clearCallback()
.
Additional restrictions on starting an Activity from the background
The system further limits the time an app can start an activity in the background:
- When an app uses
PendingIntent#send()
SendPendingIntent
and similar behavior, if the app wants to grant its own background service launch permission to launch the pending intent, then The app must now opt-in to aActivityOptions
withsetPendingIntentBackgroundActivityStartMode(MODE_BACKGROUND_ACTIVITY_START_ALLOWED)
- When a visible application uses
bindService()
to bind the service of another application running in the background, if the visible application wants to grant its own background activity launch permission to the bound service , it must now opt in with theBIND_ALLOW_ACTIVITY_STARTS
flag.
To start the foreground service, you must set the foreground service type
If you usestartForeground() you must specify the foreground type of the service in the manifest file. For example, for audio playback, you can use mediaPlayback< /span>
To help developers more purposefully define user-facing front-end services, Android 10 is available in The android:foregroundServiceType
attribute is introduced in the <service> element.
If your app targets Android 14, you must specify the appropriate front service type. As in previous Android versions, multiple types can be combined. Listed below are the types of front desk services to choose from:
- camera
- connectedDevice
- dataSync
- health
- location
- mediaPlayback
- mediaProjection
- microphone
- phoneCall
- remoteMessaging
- shortService
- specialUse
- systemExempted
If the use cases in your app are not related to any of these types, it is strongly recommended that you migrate your logic to use WorkManager or User-initiated data transfer job.
Android 14 中新增了 health, remoteMessaging, shortService, specialUse
和 systemExempted
类type.
The following code snippet provides an example of a front-end service type declaration in a manifest:
1 2 3 4 5 6 7 8 9 10 11 |
|
If an app targeting Android 14 does not define the type of a given service in the manifest, the system will call startForeground() triggered when MissingForegroundServiceTypeException
Open JDK 17
Android 14 will continue to update Android's core libraries to align with features in the latest OpenJDK LTS releases, including library updates and Java 17 language support for app and platform developers.
The following changes may affect app compatibility:
- Changes to regular expressions: In order to more strictly follow the semantics of OpenJDK, invalid group references are now not allowed. You may see new cases where the
java.util.regex.Matcher
class throwsIllegalArgumentException
, so be sure to测试应用中使用正则表达式的情形
. To enable or disable this change during testing, please use the Compatibility Framework Tooltoggle theDISALLOW_INVALID_GROUP_REFERENCE
flag. - UUID handling: The
java.util.UUID.fromString()
method now performs stricter checks when validating input parameters, so you may encounter errors during deserialization SeeIllegalArgumentException
. To enable or disable this change during testing, please use the Compatibility Framework Tooltoggle theENABLE_STRICT_VALIDATION
flag. - ProGuard issues: Sometimes adding
java.lang.ClassValue
classes can cause problems when you try to minify, obfuscate, and optimize your app using ProGuard. The problem stems from a Kotlin library that changes the runtime behavior depending on whetherClass.forName("java.lang.ClassValue")
returns a class. If your app is developed against an older runtime that does not have thejava.lang.ClassValue
class, these optimizations may cause thecomputeValue
method to derive fromjava.lang.ClassValue
removed from the class.
Updates to restrict non-SDK interfaces in Android 14
Non-SDK API table (Official website download file)
Use LintTool list
Modification of TargetSdkVersion >=33
Deny setting precise alarms by default
Starting from Android 14, new installation users with targetSdkVersion>=33 SCHEDULE_EXACT_ALARM
Permission is denied by default, in use
setExact()
setExactAndAllowWhileIdle()
setAlarmClock()
When , the APP will throw an exception, which can be used before calling the above method. canScheduleExactAlarms()
判断是否有闹钟权限,并且设置AlarmManager.ACTION_SCHEDULE_EXACT_ALARM_PERMISSION_STATE_CHANGED
监听前台广播并对其做出正确反应 ,系统会在用户授予权限时发送该广播。
三种种方式修改:
1 2 3 4 5 6 |
|
-
Menifest申明
<uses-permission
android:name
="android.permission.USE_EXACT_ALARM" />
这个普通权限不需要运行时申请,但是需要注意隐私声明1
2
3
4
5
6
7
8
9
10
public
void
start () {
if
(Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
alarmManager.setExact(xxx, xxx,
"TAG"
,
new
AlarmManager.OnAlarmListener() {
@Override
public
void
onAlarm() {
start();
}
}, xx);
}
}
授予对照片和视频的部分访问权限
只授予所选中媒体文件的权限
针对Android 13 及以上用户 Android 14 以上新增的权限 READ_MEDIA_VISUAL_USER_SELECTED
仅允许授予选中媒体文件的访问权限。如需要访问所有媒体文件需要同步申请READ_MEDIA_IMAGES
和 READ_MEDIA_VIDEO
.
TargetSdkVersion==xxx 不区分版本对所有应用的更改
TargetSdkVersion<23的应用无法在Android U上安装
安全性,降低低版本权限问题导致APP数据泄露,升级TargetSdkVersion >=23
1 |
|
如果需要调试低版本Target的APP可以使用命令行安装
1 |
|
应用进入缓存时,上下文注册的广播将加入队列
应用进入缓存状态(例如进入后台) 上下文注册的广播会加入队列,等待应用退出缓存状态时,会一次性将多个在缓存队列的广播一次性发送, 存在广播合并的情况, 例如监听屏幕开启/关闭/开启/关闭, 应用只能接受开启-关闭 中间的状态会丢失.,广播也可能由于系统原因会从缓存队列删除. 此项变更让广播接收变得不那么靠谱,可能会导致APP资源得不到销毁引起内存泄露
应用只能终止自己的后台进程
从 Android 14 开始,当您的应用调用 killBackgroundProcesses()
时,该 API 只能终止您自己应用的后台进程。(影响第三方杀进程的应用例如(360手机卫士))
用户可以关闭不可关闭的通知
这项变更适用于通过 Notification.Builder#setOngoing(true)
或 NotificationCompat.Builder#setOngoing(true)
设置 Notification.FLAG_ONGOING_EVENT
来阻止用户关闭前台通知的应用。FLAG_ONGOING_EVENT
的行为已发生变化,使用户实际上能够关闭此类通知。
在以下情况下,此类通知仍不可关闭:
- 当手机处于锁定状态时
如果用户选择
全部清除
通知操作
(有助于防止意外关闭)
此外,这一新行为不适用于以下用例中的不可关闭通知:
-
使用
MediaStyle
创建的通知(notification.setStyle(ew NotificationCompat.MediaStyle())) -
安全和隐私用例的政策限制使用
-
企业设备政策控制器 (DPC) 和支持软件包
新增、改善功能
截屏监听
添加权限: 可以监听截屏但是截屏文件还需要使用常规方法自己获取
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
|
禁止当前ACtivity截屏可以添加下面的flag
1 |
|
Path 路径可查询过程中的点位信息
Android 的 Path
API 是一种强大且灵活的机制,可用于创建和渲染矢量图形,能够描边或填充路径,根据线段、二次曲线或立方曲线构建路径,执行布尔运算以获取更复杂的形状,或同时执行所有这些操作。但是无法了解 Path 对象中实际包含的内容;该对象的内部信息在创建后对于调用方是不透明的。
如需创建 Path
,可以调用 moveTo()
、lineTo()
和 cubicTo()
等方法来添加路径片段。但无法询问该路径有哪些片段,因此必须在创建时保留该信息。
从 Android 14 开始,可以查询路径以了解其内部内容。首先,需要使用 Path.getPathIterator
API 获取 PathIterator
对象:
1 2 3 |
|
接下来,可以调用 PathIterator
逐个遍历片段,并检索每个片段的所有必要数据。以下示例使用了 PathIterator.Segment
对象,它会打包数据
1 2 |
|
PathIterator
还有一个非分配版 next()
,可以在其中传入缓冲区来保存点数据。
查询 Path
数据的一个重要用例是插值。例如,大家可能想在两个不同的路径之间添加动画(或变形)。为了进一步简化该用例,Android 14 针对 Path
还有一个新的 interpolate()
方法。假设两个路径具有相同的内部结构,interpolate()
方法会使用该插值结果创建一个新的 Path
。以下示例返回了一个形状介于 path
和 otherPath
之间的一半(线性插值为 0.5)的路径:
1 2 3 4 |
|
单应用语言偏好/语法优化/地区偏好
功能和 API 概览 | Android 开发者 | Android Developers (google.cn)
位置权限新增标签描述
权限弹窗是会显示描述信息,需要在清单文件中添加
1 2 3 4 |
|
新增用户初始化Job权限RUN_USER_INITIATED_JOBS
Android 14 引入了android.permision.RUN_USER_INITIATED_JOBS权限,允许一个应用执行用户初始化Job权限,此权限可以被用手动关闭或者被系统撤销,应用需要targestsdk升级到U后来请求此权限
新增唤醒屏幕权限
Android 14 引入了android.permision.TURN_SCREEN_ON权限,目标平台为Android 14及以上的应用使用唤醒屏幕时,需要在AndroidManifest文件中配置这个权限。另外唤醒屏幕权限有一个对应的appops权限AppOpsManager.OP_TURN_SCREEN_ON,这个权限在Android T上是默认开启,在Android U上对目标平台为Android 14及以上的应用默认关闭。
不申请权限调用下面API 没有效果无法唤醒屏幕
1 2 3 4 5 |
|