Android 4.4: is WRITE_EXTERNAL_STORAGE permission effective on primary external storage /mnt/sdcard?

Question

Android 4.4 new rules for accessing external storage seem to break many applications.

According to this: http://source.android.com/devices/tech/storage/ (read carefully) it seems that WRITE_EXTERNAL_STORAGE permission no more grants access to secondary removable storage with /mnt/external_sd path in Android 4.4. They say that apps just can access a private folder on secondary removable storage, and it is removed when the app is removed.

Now, I think that, according to what is implicit, WRITE_EXTERNAL_STORAGE will instead grant access on primary external storage /mnt/sdcard.

If it is true, it is possible, for example, that my app starts another app and feeds it with a file:// url within the primary external storage and then the called app can edit and save the file to the same path, provided it has the WRITE_EXTERNAL_STORAGE permission.

Does Android 4.4 work this way as to primary external storage access?

Answer 1

You are right, but to see why let's have a look at the details of different kinds of external storage and their permission system.

Primary external storage

In the KitKat external storage model, each application is granted access to a special home directory on the primary external storage. Apps can always read and write the content of those external home directories without requiring a special permission. However, in contrast to app's internal home dirs, the external ones can also be accessed by other apps under certain circumstances. The READ_EXTERNAL_STORAGE gives apps full read access to the primary external memory, even for all the home dirs there. WRITE_EXTERNAL_STORAGE however grants write and read permission for primary external storage. Now let's aks, why having a home dir if anyone holding the above permission(s) can tamper with them? The reason is that those new external home dirs are not meant as a security boundary. What makes them special is that Android will automatically delete them as soon as the owning app is deinstalled, so we have automated cleanup here. This also means that you should not store app's private data like credentials or exploitable things like config files on external memory at all. Also nice is that the media scanner ignores those home dirs. Also keep in mind that this part of the memory can be mounted on a computer where Android effectively loses control over the data.

Secondary external storage

Here, the concept of external home dirs pops up again where apps can store their data without requiring a permission. Again, those special dirs are automatically removed upon uninstall of the owner app and provide no security because the sd card can be mounted and modified arbitrarily on a computer for example. But in contrast to primary external storage, all data outside the home dirs are read only here. So there really is no permission for write access because this is not intended at all.

Your example With your example, you are absolutely right in that the started application that was given a file URI can modify it arbitrarily, given it has the right permission.

If you are interested in more details, those posts here and here provide excellent insight into the new storage model.