This document describes the changes made to address the Android privacy warning: "This app was built for an older version of android and doesn't include the latest privacy protections."
The application was targeting Android SDK 25 (Android 7.1), which is over 7 years old and lacks modern privacy protections required by current Android versions. Google Play requires apps to target at least SDK 31 (Android 12) for new submissions.
Files Modified:
androbd/build.gradleplugin/build.gradle
Changes:
- Updated
targetSdkVersionfrom 25 to 34 (Android 14) - Removed
ExpiredTargetSdkVersionsuppression warnings - This brings the app up to modern Android standards
File Modified: androbd/src/main/AndroidManifest.xml
Legacy Permissions (Android 11 and below):
<uses-permission android:name="android.permission.BLUETOOTH_ADMIN" android:maxSdkVersion="30" />
<uses-permission android:name="android.permission.BLUETOOTH" android:maxSdkVersion="30" />Modern Permissions (Android 12+):
<uses-permission android:name="android.permission.BLUETOOTH_SCAN"
android:usesPermissionFlags="neverForLocation" />
<uses-permission android:name="android.permission.BLUETOOTH_CONNECT" />Key Points:
BLUETOOTH_SCANwithneverForLocationflag indicates the app doesn't use Bluetooth for location trackingBLUETOOTH_CONNECTis required to connect to paired Bluetooth devices- Legacy permissions are restricted to SDK 30 and below using
maxSdkVersion
File Modified: androbd/src/main/java/com/fr3ts0n/ecu/gui/androbd/MainActivity.java
New Methods Added:
checkBluetoothPermissions()- Checks and requests Bluetooth permissions on Android 12+onRequestPermissionsResult()- Handles permission grant/denial responses
Permission Flow:
- When user attempts to connect to Bluetooth device, app checks for permissions
- If not granted, displays system permission dialog
- If granted, proceeds with connection
- If denied, shows explanatory message and stays in offline mode
Files Updated with Permission Checks:
BtDeviceListActivity.java- Added permission checks before accessing paired devicesBtCommService.java- Added permission checks before Bluetooth operations
File Modified: androbd/src/main/AndroidManifest.xml
Changes:
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"
android:maxSdkVersion="28" />
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"
android:maxSdkVersion="32" />Code Changes in MainActivity.java:
- Storage permissions are now only requested for Android 6-9 (API 23-28)
- Android 10+ (API 29+) uses scoped storage by default
- This eliminates the need for broad storage permissions on modern Android
File Modified: androbd/src/main/AndroidManifest.xml
New Permission:
<uses-permission android:name="android.permission.FOREGROUND_SERVICE_CONNECTED_DEVICE" />Service Declaration:
<service
android:name=".ObdBackgroundService"
android:foregroundServiceType="connectedDevice" />Explanation:
- Android 14+ requires explicit foreground service types
connectedDevicetype is appropriate for OBD communication services- This ensures the background service can continue running while app is in background
The plugin framework architecture continues to work with the updated target SDK:
- Service Communication: Plugin services can still communicate via exported services
- Data Exchange: The
PluginDataServicemechanism remains functional - Intent-based Discovery: Plugin discovery via intents still works with SDK 34
Key Design Consideration: The previous comment "SDK 25 to allow background service mechanism for plugins" was based on an outdated understanding. Modern Android (SDK 34) fully supports:
- Exported services with explicit declarations
- Background service communication
- Intent-based component discovery
- Foreground services with proper type declarations
- Test on Android 12+ devices
- Verify permission dialogs appear correctly
- Ensure Bluetooth connection works after permissions granted
- Test with pre-paired devices and new device pairing
- Test file save/load on Android 10+ (scoped storage)
- Verify file operations on Android 6-9 with legacy permissions
- Test screenshot saving functionality
- Verify ObdBackgroundService starts properly
- Check notification appears when service is running
- Test that OBD monitoring continues when app is backgrounded
- Test with existing plugins (MQTT, GpsProvider, SensorProvider)
- Verify plugin discovery still works
- Ensure plugin data exchange functions correctly
- Minimal Bluetooth Permissions: Using
neverForLocationflag reduces privacy concerns - Scoped Storage: Modern Android versions use scoped storage, limiting app's file system access
- Runtime Permissions: Users have granular control over what the app can access
- Foreground Service Transparency: Clear notification shows when background monitoring is active
- App will request Bluetooth permissions when first connecting to OBD device
- Users must grant
BLUETOOTH_CONNECTandBLUETOOTH_SCANpermissions - On Android 10+, no storage permissions will be requested (uses scoped storage)
- On older Android versions (6-9), storage permissions may be requested
- Existing functionality remains the same
- Plugin system continues to work
- All OBD features remain available
- File save/load continues to work with appropriate storage APIs
These changes bring the app into compliance with:
- Google Play's target API level requirements (SDK 31+)
- Android 12+ privacy protection standards
- Android 13+ notification permission requirements
- Android 14+ foreground service type requirements