Security and Performance Analysis of Scoped Storage on Android
Over the last years, Android has gradually moved from a traditional desktop-like paradigm of a shared filed system towards a stricter separation of applications’ files. Applications are only allowed to access the shared file system through Stroage Access Framework (SAF) or MediaStore APIs. While previous Android releases offered some way to work around the new restrictions, Android 11 now enforces them. It includes a transparent translation layer from the legacy File API to the MediaStore. Although the existence of this new system has only been documented very sparsely, its drastic performance impact is directly noticeable to end users.
In this project, we offer an extensive overview of different aspects of file access APIs available on Android. Besides analysing security aspects, we provide a benchmark for challenging Google’s official performance claims.