UpdateInfoService

Artifact: androidx.security:security-state-provider

Kotlin |Java

abstract class UpdateInfoService : Service

kotlin.Any
↳	android.content.Context
	↳	android.content.ContextWrapper
		↳	android.app.Service
			↳	androidx.security.state.provider.UpdateInfoService

Base class for implementing the AndroidX Security State Update Provider service.

This abstract class provides the foundational implementation for the IUpdateInfoService AIDL interface. It manages the complexity of serving security update information to client applications, enforcing a consistent contract for data freshness, resource usage, and observability.

Responsibilities

IPC Handling: Manages the AIDL binding process and verifies Intent actions.
Concurrency Control: Implements Double-Checked Locking to prevent "thundering herd" scenarios where multiple clients trigger parallel network requests.
Rate Limiting: Enforces a default throttling policy (e.g., maximum one check per hour) to protect backend infrastructure.
Caching: Automatically persists fetched results and freshness metadata to local storage.

Monitoring & Telemetry

To support high-scale hosts that require strict monitoring, this class provides a comprehensive set of observability hooks. Hosts can override these methods to integrate with their own logging infrastructure:

onRequestCompleted: Report granular performance metrics (latency, lock contention) and usage.
onClientConnected / onClientDisconnected: Track service session lifecycles and adoption.
onFetchFailed: Report backend errors and exceptions.
dump: Debug internal state via adb shell.

Host Implementation

Host applications (such as the System Updater, Google Play Store, or OEM-specific updaters) must extend this class and implement the fetchUpdates method to provide the actual network logic.

Manifest Declaration

To expose this service, you must declare it in your AndroidManifest.xml with the exported="true" attribute and an intent-filter for the UPDATE_INFO_SERVICE action:

<service
    android:name=".MyUpdateInfoService"
    android:exported="true">
    <intent-filter>
        <action android:name="androidx.security.state.provider.UPDATE_INFO_SERVICE" />
    </intent-filter>
</service>

Summary

Public constructors
`UpdateInfoService()`

Public functions
`open Unit`	`dump(fd: FileDescriptor?, writer: PrintWriter?, args: Array<String>?)` Dumps the state of the service for debugging (e.g. `adb shell dumpsys activity service`).
`final IBinder?`	`onBind(intent: Intent?)` Called by the system when a client binds to the particular interface defined by the `intent`.
`final Boolean`	`onUnbind(intent: Intent?)` Called by the system when all clients have disconnected from the particular interface defined by the `intent`.

Protected functions
`abstract suspend List<UpdateInfo>`	`fetchUpdates()` Performs the actual network request to fetch fresh updates from the backend.
`open Int`	`getCallerUid()` Retrieves the UID of the calling process.
`open Unit`	`onClientConnected(intent: Intent)` Called when a client binds to the particular interface defined by the `intent`.
`open Unit`	`onClientDisconnected(intent: Intent?)` Called when all clients have disconnected from the particular interface defined by the `intent`.
`open Unit`	`onFetchFailed(e: Exception)` Callback for handling exceptions that occur during the update check process.
`open Unit`	`onRequestCompleted(telemetry: UpdateCheckTelemetry)` Called when a request completes.
`open Boolean`	`shouldFetchUpdates()` Determines if the local cache is stale and a refresh should be attempted.
`open Boolean`	`shouldThrottle()` Checks if the operation should be throttled based on the rate limiter.

Inherited functions

From android.content.Context

`open Boolean`	`bindIsolatedService( p0: Intent, p1: Context.BindServiceFlags, p2: String, p3: Executor, p4: ServiceConnection )`
`Int`	`getColor(p0: Int)`
`ColorStateList`	`getColorStateList(p0: Int)`
`Drawable?`	`getDrawable(p0: Int)`
`String`	`getString(p0: Int)`
`String`	`getString(p0: Int, vararg p1: Any)`
`T`	`<T : Any> getSystemService(p0: Class<T>)`
`CharSequence`	`getText(p0: Int)`
`TypedArray`	`obtainStyledAttributes(p0: IntArray)`
`TypedArray`	`obtainStyledAttributes(p0: AttributeSet?, p1: IntArray)`
`TypedArray`	`obtainStyledAttributes(p0: Int, p1: IntArray)`
`TypedArray`	`obtainStyledAttributes(p0: AttributeSet?, p1: IntArray, p2: Int, p3: Int)`
`open Unit`	`revokeSelfPermissionOnKill(p0: String)`
`open Unit`	`sendBroadcastWithMultiplePermissions(p0: Intent, p1: Array<String>)`

From android.content.ContextWrapper

`open Boolean`	`bindIsolatedService( p0: Intent, p1: Int, p2: String, p3: Executor, p4: ServiceConnection )`
`open Boolean`	`bindService( p0: Intent, p1: ServiceConnection, p2: Context.BindServiceFlags )`
`open Boolean`	`bindService(p0: Intent, p1: ServiceConnection, p2: Int)`
`open Boolean`	`bindService( p0: Intent, p1: Context.BindServiceFlags, p2: Executor, p3: ServiceConnection )`
`open Boolean`	`bindService(p0: Intent, p1: Int, p2: Executor, p3: ServiceConnection)`
`open Boolean`	`bindServiceAsUser( p0: Intent, p1: ServiceConnection, p2: Context.BindServiceFlags, p3: UserHandle )`
`open Boolean`	`bindServiceAsUser(p0: Intent, p1: ServiceConnection, p2: Int, p3: UserHandle)`
`open Int`	`checkCallingOrSelfPermission(p0: String)`
`open Int`	`checkCallingOrSelfUriPermission(p0: Uri, p1: Int)`
`open IntArray`	`checkCallingOrSelfUriPermissions(p0: MutableList<Uri>, p1: Int)`
`open Int`	`checkCallingPermission(p0: String)`
`open Int`	`checkCallingUriPermission(p0: Uri, p1: Int)`
`open IntArray`	`checkCallingUriPermissions(p0: MutableList<Uri>, p1: Int)`
`open Int`	`checkContentUriPermissionFull(p0: Uri, p1: Int, p2: Int, p3: Int)`
`open Int`	`checkPermission(p0: String, p1: Int, p2: Int)`
`open Int`	`checkSelfPermission(p0: String)`
`open Int`	`checkUriPermission(p0: Uri, p1: Int, p2: Int, p3: Int)`
`open Int`	`checkUriPermission(p0: Uri?, p1: String?, p2: String?, p3: Int, p4: Int, p5: Int)`
`open IntArray`	`checkUriPermissions(p0: MutableList<Uri>, p1: Int, p2: Int, p3: Int)`
`open Unit`	`clearWallpaper()` This function is deprecated. Deprecated in Java
`open Context`	`createAttributionContext(p0: String?)`
`open Context`	`createConfigurationContext(p0: Configuration)`
`open Context`	`createContext(p0: ContextParams)`
`open Context`	`createContextForSplit(p0: String)`
`open Context`	`createDeviceContext(p0: Int)`
`open Context`	`createDeviceProtectedStorageContext()`
`open Context`	`createDisplayContext(p0: Display)`
`open Context`	`createPackageContext(p0: String, p1: Int)`
`open Context`	`createWindowContext(p0: Int, p1: Bundle?)`
`open Context`	`createWindowContext(p0: Display, p1: Int, p2: Bundle?)`
`open Array<String>`	`databaseList()`
`open Boolean`	`deleteDatabase(p0: String)`
`open Boolean`	`deleteFile(p0: String)`
`open Boolean`	`deleteSharedPreferences(p0: String)`
`open Unit`	`enforceCallingOrSelfPermission(p0: String, p1: String?)`
`open Unit`	`enforceCallingOrSelfUriPermission(p0: Uri, p1: Int, p2: String)`
`open Unit`	`enforceCallingPermission(p0: String, p1: String?)`
`open Unit`	`enforceCallingUriPermission(p0: Uri, p1: Int, p2: String)`
`open Unit`	`enforcePermission(p0: String, p1: Int, p2: Int, p3: String?)`
`open Unit`	`enforceUriPermission(p0: Uri, p1: Int, p2: Int, p3: Int, p4: String)`
`open Unit`	`enforceUriPermission( p0: Uri?, p1: String?, p2: String?, p3: Int, p4: Int, p5: Int, p6: String? )`
`open Array<String>`	`fileList()`
`open Context`	`getApplicationContext()`
`open ApplicationInfo`	`getApplicationInfo()`
`open AssetManager`	`getAssets()`
`open AttributionSource`	`getAttributionSource()`
`open String?`	`getAttributionTag()`
`open Context`	`getBaseContext()`
`open File`	`getCacheDir()`
`open ClassLoader`	`getClassLoader()`
`open File`	`getCodeCacheDir()`
`open ContentResolver`	`getContentResolver()`
`open File`	`getDataDir()`
`open File`	`getDatabasePath(p0: String)`
`open Int`	`getDeviceId()`
`open File`	`getDir(p0: String, p1: Int)`
`open Display?`	`getDisplay()`
`open File?`	`getExternalCacheDir()`
`open Array<File>`	`getExternalCacheDirs()`
`open File?`	`getExternalFilesDir(p0: String?)`
`open Array<File>`	`getExternalFilesDirs(p0: String)`
`open Array<File>`	`getExternalMediaDirs()`
`open File`	`getFileStreamPath(p0: String)`
`open File`	`getFilesDir()`
`open Executor`	`getMainExecutor()`
`open Looper`	`getMainLooper()`
`open File`	`getNoBackupFilesDir()`
`open File`	`getObbDir()`
`open Array<File>`	`getObbDirs()`
`open String`	`getOpPackageName()`
`open String`	`getPackageCodePath()`
`open PackageManager`	`getPackageManager()`
`open String`	`getPackageName()`
`open String`	`getPackageResourcePath()`
`open ContextParams?`	`getParams()`
`open Resources`	`getResources()`
`open SharedPreferences`	`getSharedPreferences(p0: String, p1: Int)`
`open Any`	`getSystemService(p0: String)`
`open String?`	`getSystemServiceName(p0: Class<*>)`
`open Resources.Theme`	`getTheme()`
`open Drawable`	`getWallpaper()` This function is deprecated. Deprecated in Java
`open Int`	`getWallpaperDesiredMinimumHeight()` This function is deprecated. Deprecated in Java
`open Int`	`getWallpaperDesiredMinimumWidth()` This function is deprecated. Deprecated in Java
`open Unit`	`grantUriPermission(p0: String, p1: Uri, p2: Int)`
`open Boolean`	`isDeviceProtectedStorage()`
`open Boolean`	`isRestricted()`
`open Boolean`	`isUiContext()`
`open Boolean`	`moveDatabaseFrom(p0: Context, p1: String)`
`open Boolean`	`moveSharedPreferencesFrom(p0: Context, p1: String)`
`open FileInputStream`	`openFileInput(p0: String)`
`open FileOutputStream`	`openFileOutput(p0: String, p1: Int)`
`open SQLiteDatabase`	`openOrCreateDatabase(p0: String, p1: Int, p2: SQLiteDatabase.CursorFactory)`
`open SQLiteDatabase`	`openOrCreateDatabase( p0: String, p1: Int, p2: SQLiteDatabase.CursorFactory, p3: DatabaseErrorHandler? )`
`open Drawable`	`peekWallpaper()` This function is deprecated. Deprecated in Java
`open Unit`	`registerComponentCallbacks(p0: ComponentCallbacks)`
`open Unit`	`registerDeviceIdChangeListener(p0: Executor, p1: IntConsumer)`
`open Intent?`	`registerReceiver(p0: BroadcastReceiver?, p1: IntentFilter)`
`open Intent?`	`registerReceiver(p0: BroadcastReceiver?, p1: IntentFilter, p2: Int)`
`open Intent?`	`registerReceiver( p0: BroadcastReceiver?, p1: IntentFilter, p2: String?, p3: Handler? )`
`open Intent?`	`registerReceiver( p0: BroadcastReceiver?, p1: IntentFilter, p2: String?, p3: Handler?, p4: Int )`
`open Unit`	`removeStickyBroadcast(p0: Intent)` This function is deprecated. Deprecated in Java
`open Unit`	`removeStickyBroadcastAsUser(p0: Intent, p1: UserHandle)` This function is deprecated. Deprecated in Java
`open Unit`	`revokeSelfPermissionsOnKill(p0: MutableCollection<String>)`
`open Unit`	`revokeUriPermission(p0: Uri, p1: Int)`
`open Unit`	`revokeUriPermission(p0: String, p1: Uri, p2: Int)`
`open Unit`	`sendBroadcast(p0: Intent)`
`open Unit`	`sendBroadcast(p0: Intent, p1: String?)`
`open Unit`	`sendBroadcast(p0: Intent, p1: String?, p2: Bundle?)`
`open Unit`	`sendBroadcastAsUser(p0: Intent, p1: UserHandle)`
`open Unit`	`sendBroadcastAsUser(p0: Intent, p1: UserHandle, p2: String?)`
`open Unit`	`sendOrderedBroadcast(p0: Intent, p1: String?)`
`open Unit`	`sendOrderedBroadcast(p0: Intent, p1: String?, p2: Bundle?)`
`open Unit`	`sendOrderedBroadcast( p0: Intent, p1: String?, p2: BroadcastReceiver?, p3: Handler?, p4: Int, p5: String?, p6: Bundle? )`
`open Unit`	`sendOrderedBroadcast( p0: Intent, p1: String?, p2: Bundle?, p3: BroadcastReceiver?, p4: Handler?, p5: Int, p6: String?, p7: Bundle? )`
`open Unit`	`sendOrderedBroadcast( p0: Intent, p1: String?, p2: String?, p3: BroadcastReceiver?, p4: Handler?, p5: Int, p6: String?, p7: Bundle? )`
`open Unit`	`sendOrderedBroadcast( p0: Intent, p1: Int, p2: String?, p3: String?, p4: BroadcastReceiver?, p5: Handler?, p6: String?, p7: Bundle?, p8: Bundle? )`
`open Unit`	`sendOrderedBroadcastAsUser( p0: Intent, p1: UserHandle, p2: String?, p3: BroadcastReceiver?, p4: Handler?, p5: Int, p6: String?, p7: Bundle? )`
`open Unit`	`sendStickyBroadcast(p0: Intent)` This function is deprecated. Deprecated in Java
`open Unit`	`sendStickyBroadcast(p0: Intent, p1: Bundle?)` This function is deprecated. Deprecated in Java
`open Unit`	`sendStickyBroadcastAsUser(p0: Intent, p1: UserHandle)` This function is deprecated. Deprecated in Java
`open Unit`	`sendStickyOrderedBroadcast( p0: Intent, p1: BroadcastReceiver?, p2: Handler?, p3: Int, p4: String?, p5: Bundle? )` This function is deprecated. Deprecated in Java
`open Unit`	`sendStickyOrderedBroadcastAsUser( p0: Intent, p1: UserHandle, p2: BroadcastReceiver?, p3: Handler?, p4: Int, p5: String?, p6: Bundle? )` This function is deprecated. Deprecated in Java
`open Unit`	`setTheme(p0: Int)`
`open Unit`	`setWallpaper(p0: Bitmap)` This function is deprecated. Deprecated in Java
`open Unit`	`setWallpaper(p0: InputStream)` This function is deprecated. Deprecated in Java
`open Unit`	`startActivities(p0: Array<Intent>)`
`open Unit`	`startActivities(p0: Array<Intent>, p1: Bundle?)`
`open Unit`	`startActivity(p0: Intent)`
`open Unit`	`startActivity(p0: Intent, p1: Bundle?)`
`open ComponentName?`	`startForegroundService(p0: Intent)`
`open Boolean`	`startInstrumentation(p0: ComponentName, p1: String?, p2: Bundle?)`
`open Unit`	`startIntentSender(p0: IntentSender, p1: Intent?, p2: Int, p3: Int, p4: Int)`
`open Unit`	`startIntentSender( p0: IntentSender, p1: Intent?, p2: Int, p3: Int, p4: Int, p5: Bundle? )`
`open ComponentName?`	`startService(p0: Intent)`
`open Boolean`	`stopService(p0: Intent)`
`open Unit`	`unbindService(p0: ServiceConnection)`
`open Unit`	`unregisterComponentCallbacks(p0: ComponentCallbacks)`
`open Unit`	`unregisterDeviceIdChangeListener(p0: IntConsumer)`
`open Unit`	`unregisterReceiver(p0: BroadcastReceiver)`
`open Unit`	`updateServiceGroup(p0: ServiceConnection, p1: Int, p2: Int)`

From android.app.Service

`open Unit`	`attachBaseContext(p0: Context)`
`Application`	`getApplication()`
`Int`	`getForegroundServiceType()`
`open Unit`	`onConfigurationChanged(p0: Configuration)`
`open Unit`	`onCreate()`
`open Unit`	`onDestroy()`
`open Unit`	`onLowMemory()` This function is deprecated.
`open Unit`	`onRebind(p0: Intent)`
`open Unit`	`onStart(p0: Intent, p1: Int)` This function is deprecated. Deprecated in Java
`open Int`	`onStartCommand(p0: Intent, p1: Int, p2: Int)`
`open Unit`	`onTaskRemoved(p0: Intent)`
`open Unit`	`onTimeout(p0: Int)`
`open Unit`	`onTimeout(p0: Int, p1: Int)`
`open Unit`	`onTrimMemory(p0: Int)`
`Unit`	`startForeground(p0: Int, p1: Notification)`
`Unit`	`startForeground(p0: Int, p1: Notification, p2: Int)`
`Unit`	`stopForeground(p0: Boolean)` This function is deprecated. Deprecated in Java
`Unit`	`stopForeground(p0: Int)`
`Unit`	`stopSelf()`
`Unit`	`stopSelf(p0: Int)`
`Boolean`	`stopSelfResult(p0: Int)`

Public constructors

UpdateInfoService

Added in 1.0.0-alpha02

UpdateInfoService()

Public functions

dump

Added in 1.0.0-alpha02

open fun dump(fd: FileDescriptor?, writer: PrintWriter?, args: Array<String>?): Unit

Dumps the state of the service for debugging (e.g. adb shell dumpsys activity service).

This implementation provides a snapshot of the internal state, including:

Active Request Count: To detect stuck threads or high concurrency.
Global Last Check Time: The timestamp of the last successful service-wide sync (Service Health).
Throttling Status: Whether the rate limiter is currently blocking network requests.
Cached Updates: A complete list of stored updates with detailed metadata (Component, SPL, Provider, Published Date, Last Checked Time).

onBind

Added in 1.0.0-alpha02

final fun onBind(intent: Intent?): IBinder?

Called by the system when a client binds to the particular interface defined by the intent.

This method verifies that the Intent action matches the expected contract (ACTION_BIND). If the action is missing or incorrect, the binding is rejected to ensure the service is not exposed unintentionally.

Lifecycle Note: Because the client library attaches unique data (the package name) to the intent, this method is called for every new client session, allowing the onClientConnected hook to reliably track individual connections.

Parameters
`intent: Intent?`	The Intent that was used to bind to this service.

Returns
`IBinder?`	The IBinder interface for clients to interact with the service, or `null` if the Intent action is invalid.

onUnbind

Added in 1.0.0-alpha02

final fun onUnbind(intent: Intent?): Boolean

Called by the system when all clients have disconnected from the particular interface defined by the intent.

This method is marked final to enforce the library's lifecycle contract. It performs two critical actions:

Triggers the onClientDisconnected hook, allowing the host to log the end of the session.
Returns false, which forces the Android system to call onBind (and thus onClientConnected) for all future connections. This simplifies telemetry by ensuring a consistent "Connect -> Disconnect" cycle without needing to handle the onRebind edge case.

Parameters
`intent: Intent?`	The Intent that was used to bind to this service.

Returns
`Boolean`	`false` to ensure `onRebind` is not called.

Protected functions

fetchUpdates

protected abstract suspend fun fetchUpdates(): List<UpdateInfo>

Performs the actual network request to fetch fresh updates from the backend.

Implementations of this method should:

Block until the network request completes.
Return the list of updates found.
Throw an exception if the network request fails (this will be caught and logged).

Note: This method is only called if shouldFetchUpdates returns true and the rate limiter allows the request.

Returns
`List<UpdateInfo>`	A list of `UpdateInfo` objects currently available for the device.

getCallerUid

Added in 1.0.0-alpha02

protected open fun getCallerUid(): Int

Retrieves the UID of the calling process.

The default implementation delegates to android.os.Binder.getCallingUid. Host implementations using a proxy or broker architecture should override this to return the logical client UID instead of the broker's UID, ensuring correct attribution.

onClientConnected

Added in 1.0.0-alpha02

protected open fun onClientConnected(intent: Intent): Unit

Called when a client binds to the particular interface defined by the intent.

This method is invoked during onBind after the Intent action has been verified.

Usage: Override this method to log connection metrics (e.g., "Session Started") or track adoption trends.

Client Identity: The intent passed to this method typically contains the client's package name in the data URI (e.g., package:com.example.client). This allows you to identify which app is starting a session. Note that this value is self-reported by the client library and is useful for aggregate trends but less secure than the UpdateCheckTelemetry.callerUid captured in onRequestCompleted.

Lifecycle: Because the client library attaches unique data to the bind Intent, this method is called for every new client session, enabling accurate session counting.

Parameters
`intent: Intent`	The Intent that was used to bind to this service.

onClientDisconnected

Added in 1.0.0-alpha02

protected open fun onClientDisconnected(intent: Intent?): Unit

Called when all clients have disconnected from the particular interface defined by the intent.

This method is invoked during onUnbind.

Usage: Override this method to log session ends (e.g., "Session Ended") to calculate session duration when paired with onClientConnected. You can also use this to perform per-client resource cleanup.

Parameters
`intent: Intent?`	The Intent that was used to bind to this service. It contains the same identification data as passed to `onClientConnected`.

onFetchFailed

Added in 1.0.0-alpha02

protected open fun onFetchFailed(e: Exception): Unit

Callback for handling exceptions that occur during the update check process.

This method is invoked if any step of the update logic fails, including:

Determining cache freshness (shouldFetchUpdates).
Recording rate-limit attempts.
Fetching data from the backend (fetchUpdates).
Persisting the results to local storage.

The default implementation logs the error to Logcat. Hosts can override this to report errors to their own telemetry or crash reporting systems.

Parameters
`e: Exception`	The exception thrown during the operation.

onRequestCompleted

Added in 1.0.0-alpha02

protected open fun onRequestCompleted(telemetry: UpdateCheckTelemetry): Unit

Called when a request completes. Override this to log telemetry.

This hook is called for every request to listAvailableUpdates, regardless of whether it succeeded, failed, was throttled, or was served from the cache.

Usage: Use this hook to log granular performance metrics (latency histograms) and resource usage.

Attribution: The telemetry object contains the UpdateCheckTelemetry.callerUid, which is the Kernel-verified UID of the calling process. This is the authoritative source for attributing load (CPU/Network/Lock Contention) to specific client applications.

Parameters
`telemetry: UpdateCheckTelemetry`	The `UpdateCheckTelemetry` containing metrics and outcomes.

shouldFetchUpdates

Added in 1.0.0-alpha02

protected open fun shouldFetchUpdates(): Boolean

Determines if the local cache is stale and a refresh should be attempted.

The default implementation returns true if the data is older than 1 hour. Hosts can override this to implement custom caching policies (e.g., 4 hours, 24 hours).

Returns
`Boolean`	`true` if a network fetch should be attempted.

shouldThrottle

Added in 1.0.0-alpha02

protected open fun shouldThrottle(): Boolean

Checks if the operation should be throttled based on the rate limiter.

The default implementation delegates to an internal rate limiter that enforces a cooling-off period (e.g., one check per hour). Hosts can override this to inject custom rate limiting logic (e.g., battery checks).

Returns
`Boolean`	`true` if the request should be blocked.