Starting in Android 9 (API level 28), the platform restricts which non-SDK interfaces your app can use. These restrictions apply whenever an app references a non-SDK interface or attempts to obtain its handle using reflection or JNI. These restrictions were put in place to help improve the user and developer experience and reduce the risks of crashes for users and emergency rollouts for developers. For more information about this decision, see Improving Stability by Reducing Usage of non-SDK Interfaces.
Differentiating between SDK and non-SDK interfaces
Generally speaking, public SDK interfaces are those ones found documented in the Android framework Package Index. Handling of non-SDK interfaces is an implementation detail that the API abstracts away, so these interfaces are subject to change without notice.
To avoid crashes and unexpected behavior, apps should only use the officially documented parts of the classes in the SDK. This also means that you should not access methods or fields that are not listed in the SDK when you interact with a class via mechanisms such as reflection.
Blacklists, greylists, and whitelists
With each release of Android, additional non-SDK interfaces will be restricted. We know these restrictions can impact your release workflow, and we want to make sure you have the tools to detect usage of non-SDK interfaces, an opportunity to give us feedback, and time to plan and adjust to the new policies.
To minimize the impact of non-SDK restrictions on your development workflow, the non-SDK interfaces are divided into lists that define how tightly their use is restricted, depending on which API level is being targeted. The following table describes each of these lists:
|Blacklist||Non-SDK interfaces that you cannot use regardless of your app's target API level. If your app attempts to access one of these interfaces, the system will throw an error.|
|Greylist||Non-SDK interfaces that you can use as long as they are not restricted
for your app's target API level.
Starting with Android 9 (API level 28), each API level has non-SDK interfaces that are restricted at that API level. Although a restricted greylist API can be accessed if your app targets a lower API level, if your app attempts to access a non-SDK interface that is restricted for your target API level, the system behaves as if the API is blacklisted.
Note: In Android 9 (API level 28), the non-SDK interfaces from the non-restricted greylist were called the lightgrey list, and the non-SDK interfaces from the restricted greylist were called the darkgrey list.
|Whitelist||Interfaces that can be freely used and are supported as part of the officially documented Android framework Package Index.|
While you can currently use some non-SDK interfaces that are part of the greylist (depending on your app's target API level), using any non-SDK method or field always carries a high risk of breaking your app. If your app relies on non-SDK interfaces, you should begin planning a migration to SDK interfaces or other alternatives. If you cannot find an alternative to using a non-SDK interface for a feature in your app, you should request a new public API.
Determining which list an interface belongs to
The lists of non-SDK interfaces are built as part of the platform.
For Android 9 (API level 28), this text file contains the list of greylisted APIs that are not restricted. The blacklist and restricted greylist are derived at build time. There is a build rule that generates the lists on AOSP. While the AOSP lists are not the same as the lists for Android 9, the overlap is fairly high. You can also generate the blacklist yourself by downloading AOSP and then running the following command:
You can then find the file in the following location:
Expected behavior when restricted non-SDK interfaces are accessed
The following table describes the behavior that you can expect if your app attempts to access a non-SDK interface that is part of the blacklist.
|Means of access||Result|
|Dalvik instruction referencing a field||
|Dalvik instruction referencing a method||
||Non-SDK members not in results|
||Non-SDK members not in results|
Testing your app for non-SDK interfaces
There are several methods that you can use to test for non-SDK interfaces in your app.
Testing using a debuggable app
You can test for non-SDK interfaces by building and running a debuggable app on a device or emulator running Android 9 (API level 28) or higher. Make sure that the device or emulator that you are using matches the target API level of your app.
While running through tests on your app, the system prints a log message if your app accesses certain non-SDK interfaces. You can inspect your app's log messages to find the following details:
- The declaring class, name, and type (in the format that is used by the Android runtime).
- The means of access: either linking, via reflection, or via JNI.
- Which list the non-SDK interface belongs to.
You can use
adb logcat to access these log messages, which appear under the
PID of the running app. For example, an entry in the log might read as follows:
Accessing hidden field Landroid/os/Message;->flags:I (light greylist, JNI)
Testing using the StrictMode API
You can also test for non-SDK interfaces by using the
StrictMode API. Use the
method to enable this. After enabling the
StrictMode API, you can receive a
callback for each usage of a non-SDK interface by using a
where you can implement custom handling. The
Violation object provided in the
callback derives from
Throwable, and the enclosed stack trace provides the
context of the usage.
Testing using the veridex tool
You can also run the static analysis tool veridex on your APK. The veridex tool scans the entire code base of the APK, including any third-party libraries, and reports any uses of non-SDK interfaces that it finds.
Limitations of the veridex tool include the following:
- It can't detect invocations through JNI.
- It can detect only a subset of invocations through reflection.
- Its analysis for inactive code paths is limited to API level checks.
Requesting a new public API
If you cannot find an alternative to using a non-SDK interface for a feature in your app, you can create a feature request for a new public API to be added to the SDK.
When creating a feature request, provide the following the following information:
- Which greylisted API(s) you are using currently, including the full descriptor
seen in the
Accessing hidden ...logcat message.
- Why you need to use these APIs, including details about the high-level feature that the API is necessary for, not just low level details.
- Why any related public SDK APIs are insufficient for your purposes.
- Any other alternatives you have tried and why these didn't work out.
When you provide these details in your feature request, you increase the likelihood that a new public API will be granted.
This section includes some answers to other questions that developers have frequently asked:
How can Google be sure they will capture the needs of all apps through the issuetracker?
We created the initial lists for Android 9 (API level 28) through static analysis of apps that was supplemented using the following methods:
- manual testing of top Play and non-Play apps
- internal reports
- automatic data collection from internal users
- developer preview reports
- additional static analysis that was designed to conservatively include more false positives
As we evaluate the lists for each new release, we take into account API usage as well as developer feedback through the issue tracker.
How can I enable access to non-SDK interfaces?
You can enable access to non-SDK interfaces on development devices by changing the API enforcement policy using the following adb commands:
adb shell settings put global hidden_api_policy_pre_p_apps 1 adb shell settings put global hidden_api_policy_p_apps 1
To reset the API enforcement policy to the default settings, use the following commands:
adb shell settings delete global hidden_api_policy_pre_p_apps adb shell settings delete global hidden_api_policy_p_apps
These commands do not require a rooted device.
You can set the integer in the API enforcement policy to one of the following values:
- 0: Disable all detection of non-SDK interfaces. Using this setting disables
all log messages for non-SDK interface usage and prevents you from testing your
app using the
StrictModeAPI. This setting is not recommended.
- 1: Enable access to all non-SDK interfaces, but print log messages with
warnings for any non-SDK interface usage. Using this setting also allows you to
test your app using the
- 2: Disallow usage of non-SDK interfaces that belong to either the blacklist or the greylist and are restricted for your target API level.
- 3: Disallow usage of non-SDK interfaces that belong to the blacklist, but allow usage of interfaces that belong to the greylist and are restricted for your target API level.
Questions about non-SDK interface lists
Where can I find the blacklist and greylists in the system image?
They are encoded in the field and method access flag bits in platform dex files. There is no separate file in the system image that contains these lists.
Are the blacklist and greylists the same on different OEM devices with the same Android versions?
OEMs can add their own interfaces to the blacklist, but they cannot remove interfaces from the AOSP black or greylists. The CDD prevents such changes and CTS tests ensure that the Android Runtime is enforcing the list.
Questions about the compatibility of related apps
Is there any restriction on non-NDK interfaces in native code?
The Android SDK includes Java interfaces. The platform started restricting access to non-NDK interfaces for native C/C++ code in Android 7 (API level 26). For more information, see Improving Stability with Private C/C++ Symbol Restrictions in Android N.
Is there any plan to restrict dex2oat or DEX file manipulation?
We don't have active plans to restrict access to the dex2oat binary, but we do not intend for the DEX file format to be stable or a public interface beyond the portions that are publicly specified in the Dalvik Executable format. We reserve the right to modify or eliminate dex2oat and the unspecified portions of the DEX format at any time. Also note that derived files produced by dex2oat such as ODEX (also known as OAT), VDEX, and CDEX are all unspecified formats.
What if a crucial third-party SDK (for example, an obfuscator) cannot avoid using non-SDK interfaces, but does commit to maintain compatibility with future Android versions? Can Android waive its compatibility requirements in this case?
We do not have plans to waive compatibility requirements on a per-SDK basis. If an SDK developer can currently only maintain compatibility by depending on interfaces in the greylists, they should begin planning a migration to SDK interfaces or other alternatives, and request a new public API whenever they cannot find an alternative to using a non-SDK interface.
Do non-SDK interface restrictions apply to all apps including system and first-party apps, not just third-party apps?
Yes, however, we exempt apps signed with the platform key, and we also have a
package whitelist for some system image apps. Note that these exemptions only
apply to apps that are part of the system image (or updated system image apps).
The list is intended only for apps that build against the private platform APIs,
rather than the SDK APIs (where
LOCAL_PRIVATE_PLATFORM_APIS := true).