Feature #478


Implement scoped storage with API 29

Added by Dazed Dazed over 4 years ago. Updated over 3 years ago.

Start date:
Due date:
% Done:


Estimated time:


According to the android documentation it should be possible to provide all necessary storage functions without 'storage' permission by using the Storage Access Framework(SAF).

I think using the ACTION_CREATE_DOCUMENT & ACTION_OPEN_DOCUMENT intents should provide all required functionality.

I've never seen a browser that uses ACTION_CREATE_DOCUMENT for downloads, all require storage permission to download files, which I find disappointing.

It may be necessary to keep storage permission for support of versions earlier than Android 4.4, but ideally the app would never ask users for storage permission when using newer versions.

Android Q brings scoped storage which gives big improvements for shared storage privacy. It will be compulsory in R. Apps which use SAF will have smooth integration.

Actions #1

Updated by Dazed Dazed over 4 years ago

Implementing this should have the additional benefit that users can select alternative storage locations other than shared storage and avoid leaking all downloads to every app with storage permission.

I say this with slight hesitation as I think some functionality related to this is/was/may have been broken in AOSP/Android or some of the many forks, but I suspect things will improve with the focus on scoped storage, and it may just work for some now.

Checked out the functionality of your export function and found exporting to a location other than default gave an empty file.

Actions #2

Updated by Soren Stoutner over 4 years ago

  • Subject changed from Avoid needing storage permission to Implement scoped storage with API 29
  • Assignee set to Soren Stoutner

I think you have misunderstood the Android documentation. Privacy Browser already uses the Storage Access Framework, both as a client and as a provider. For example, when importing and exporting settings, when clicking the Browse button, a Storage Access Framework request is sent to the system file picker using ACTION_OPEN_DOCUMENT for import and ACTION_CREATE_DOCUMENT for export. However, Privacy Browser isn't actually able to use the returned file path without the storage permission if the file path is outside the app directories.

Scoped storage is indeed an improvement on the situation, and I am intending to implement it in Privacy Browser, but the benefits will only be seen by users with devices running Android Q (API 29) or higher. However, as documented in the link on scoped storage, the file permissions will still be required.

Actions #3

Updated by Soren Stoutner over 4 years ago

Also, a note on the commend about empty export files. If you use the Browse button to find an export file location, it calls ACTION_CREATE_DOCUMENT via the Storage Access Framework. When you select the file in the file browser, it creates that file with 0 bytes. If you have selected a file location that would require the storage permission, Privacy Browser will prompt for that permission. If it is denied, Privacy Browser displays an error message saying it can't write to that location, leaving that 0 byte file behind.

None of this is really a bug. Rather, it is the way Android storage works.

Actions #4

Updated by Dazed Dazed over 4 years ago

On LineageOS Oreo, using Twidere from Fdroid app store, without it having storage permission, I can save an image, viewed in Twidere, using the 'save to …' option in the menu to any location on the device.
Not got time to work out how they do this, but it works. Interested to know how, if you do explore.

Actions #5

Updated by Soren Stoutner over 4 years ago

I will take a look at Twidere and see if I can implement something similar.

Actions #6

Updated by Soren Stoutner over 3 years ago

  • Tracker changed from Bug to Feature
  • Status changed from New to Closed

This feature request is also being tracked at I am going to close this one and continue tracking progress there.


Also available in: Atom PDF