与之前的版本一样,Android 17 包含一些可能会影响应用的行为变更。以下行为变更仅影响以 Android 17 或更高版本为目标平台的应用。如果您的应用以 Android 17 或更高版本为目标平台,则应根据情况修改应用,以支持这些行为。
无论应用的 targetSdkVersion 为何,都请务必查看对 Android 17 上运行的所有应用都有影响的行为变更列表。
核心功能
Android 17 包含以下变更,这些变更会修改或扩展 Android 系统的各种核心功能。
MessageQueue 的新无锁实现
Beginning with Android 17, apps targeting Android 17 (API level 37)
or higher receive a new lock-free implementation of
android.os.MessageQueue. The new implementation improves performance and
reduces missed frames, but may break clients that reflect on MessageQueue
private fields and methods.
For more information, including mitigation strategies, see MessageQueue behavior change guidance.
静态 final 字段现在不可修改
Apps running on Android 17 or higher that target
Android 17 (API level 37) or higher cannot change static final fields. If
an app attempts to change a static final field by using reflection, it will
cause an IllegalAccessException. Attempting to modify one of these fields
through JNI APIs (such as SetStaticLongField()) will cause the app to crash.
无障碍
Android 17 进行了以下变更,以改进无障碍功能。
复杂 IME 实体键盘输入的无障碍支持
此功能引入了新的 AccessibilityEvent 和 TextAttribute API,以增强屏幕阅读器针对 CJKV 语言输入的语音反馈。CJKV IME 应用现在可以指示在文本撰写期间是否已选择文本转换候选对象。具有编辑字段的应用可以在发送文本更改无障碍事件时指定文本更改类型。例如,应用可以指定在文本撰写期间发生了文本更改,或者文本更改是由提交导致的。这样做可让屏幕阅读器等无障碍服务根据文本修改的性质提供更精确的反馈。
应用采用量
IME 应用:在设置编辑字段中的撰写文本时,IME 可以使用
TextAttribute.Builder.setTextSuggestionSelected()来指明是否选择了特定的转换候选字词。具有“编辑字段”权限的应用:维护自定义
InputConnection的应用可以通过调用TextAttribute.isTextSuggestionSelected()来检索候选选择数据。然后,这些应用在调度TYPE_VIEW_TEXT_CHANGED事件时应调用AccessibilityEvent.setTextChangeTypes()。如果应用以 Android 17(API 级别 37)为目标平台,并使用标准TextView,则默认启用此功能。(也就是说,TextView将负责从 IME 检索数据,并在向无障碍服务发送事件时设置文本更改类型)。无障碍服务:处理
TYPE_VIEW_TEXT_CHANGED事件的无障碍服务可以调用AccessibilityEvent.getTextChangeTypes()来识别修改的性质,并相应地调整其反馈策略。
隐私权
Android 17 包含以下变更,旨在提升用户隐私保护。
以 Android 17 为目标平台的应用需要本地网络权限
| 是否可用于测试?(要求的 build 版本) | 是 (Android 17 或更高版本) |
|---|---|
是否需要更改 targetSDKVersion?(API 级别) |
是 (API 级别 37) 如需详细了解此值,请参阅清单属性文档。 |
Android 17 introduces the ACCESS_LOCAL_NETWORK runtime permission
to protect users from unauthorized local network access. Because this falls
under the existing NEARBY_DEVICES permission group, users who have already
granted other NEARBY_DEVICES permissions aren't prompted again. This new
requirement prevents malicious apps from exploiting unrestricted local network
access for covert user tracking and fingerprinting. By declaring and requesting
this permission, your app can discover and connect to devices on the local area
network (LAN), such as smart home devices or casting receivers.
Apps targeting Android 17 (API level 37) or higher now have two paths to maintain communication with LAN devices: Adopt system-mediated, privacy-preserving device pickers to skip the permission prompt, or explicitly request this new permission at runtime to maintain local network communication.
For more information, see the Local network permission documentation.
在实体设备上隐藏密码
If an app targets Android 17 (API level 37) or higher and the user is using
a physical input device (for example, an external keyboard), the Android
operating system applies the new show_passwords_physical setting to all
characters in the password field. By default, that setting hides all password
characters.
The Android system shows the last-typed password character to help the user see if they mistyped the password. However, this is much less necessary with larger external keyboards. In addition, devices with external keyboards often have larger displays, which increases the danger of someone seeing the typed password.
If the user is using the device's touchscreen, the system applies the new
show_passwords_touch setting.
安全
Android 17 对设备和应用安全性进行了以下改进。
活动安全性
In Android 17, the platform continues its shift toward a "secure-by-default" architecture, introducing a suite of enhancements designed to mitigate high-severity exploits such as phishing, interaction hijacking, and confused deputy attacks. This update requires developers to explicitly opt in to new security standards to maintain app compatibility and user protection.
Key impacts for developers include:
- BAL hardening & improved opt-in: We are refining Background Activity
Launch (BAL) restrictions by extending protections to
IntentSender. Developers must migrate away from the legacyMODE_BACKGROUND_ACTIVITY_START_ALLOWEDconstant. Instead, you should adopt granular controls likeMODE_BACKGROUND_ACTIVITY_START_ALLOW_IF_VISIBLE, which restricts activity starts to scenarios where the calling app is visible, significantly reducing the attack surface. - Adoption tools: Developers should utilize strict mode and updated lint checks to identify legacy patterns and ensure readiness for future target SDK requirements.
默认启用 CT
如果应用以 Android 17(API 级别 37)或更高版本为目标平台, 证书透明度 (CT) 默认处于启用状态。(在 Android 16 上,CT 可用,但应用必须选择启用。)
更安全的原生 DCL - C
If your app targets Android 17 (API level 37) or higher, the Safer Dynamic Code Loading (DCL) protection introduced in Android 14 for DEX and JAR files now extends to native libraries.
All native files loaded using System.load() must be marked as read-only.
Otherwise, the system throws UnsatisfiedLinkError.
We recommend that apps avoid dynamically loading code whenever possible, as doing so greatly increases the risk that an app can be compromised by code injection or code tampering.
设备规格
Android 17 包含以下变更,可改善各种尺寸和外形规格的设备上的用户体验。
平台 API 变更,用于忽略大屏设备 (sw>=600dp) 上的屏幕方向、尺寸调整能力和宽高比限制
我们在 Android 16 中引入了平台 API 变更,以 忽略屏幕方向、 宽高比和尺寸调整能力限制(针对大型屏幕,sw >= 600dp),适用于面向 API 级别 36 或更高级别的应用。开发者可以选择使用 SDK 36 退出这些变更,但对于面向 Android 17(API 级别 37)或更高级别的应用,此退出选项将不再可用。
如需了解详情,请参阅忽略屏幕方向和尺寸调整能力限制。