While Samsung Galaxy devices had new restrictions on microSD read/write access, it was hard to say whether this was the start of a trend for all Android OEMs as restrictions on microSD were bypassed by most OEMs, as the vast majority of functionality such as moving apps to microSD were ported to Android 4.x builds. The story is more than just about Android 4.4 though, as the change in microSD functionality happened some time in the 3.x releases of Honeycomb.

Before Honeycomb, Android was heavily reliant upon microSD cards, as the vast majority of smartphones carried forward the storage model from the days of Windows Mobile, with very little internal storage for the OS and its applications. Everything else had to be placed on a microSD card, which meant the OS was useless if the microSD card was ejected. The same was true of most early Android smartphones. This is the model that most everyone is familiar with. Any application could read and write anywhere they wished on the microSD card with appropriate permissions.

The new model arrived with Honeycomb, which placed permission controls on the microSD card. This disallowed any third party application from writing to the microSD card, although they could write to their own private folder on the microSD card, much like how applications can write to their own folder on /data/apps/ but they can't modify any other folder in that directory. With permission to write to external storage, it is possible to read any file on the microSD card that isn’t a private folder, but it isn’t possible to write to any other folder. The permission to write to any folder on the microSD card is now limited to system/OS applications only.

This means that while Google Play Edition devices like the LG G Pad and Samsung Galaxy S4 followed the behavior that was set by Google as far back as Honeycomb, devices like the Galaxy S4 with TouchWiz never had such restrictions on microSD, custom ROMs altered the restrictions that Google had placed, and in general, microSD behavior continued to work as it did in Android 2.3 for the vast majority of people using Android.

The big news isn’t that Samsung is adopting the change. Rather, it seems that Google is now enforcing this change in microSD behavior across all OEMs. Presumably, this means that the Android CTS (Compatibility Test Suite) now requires compliance with the new system of accessing microSD storage. Based upon user feedback, both Samsung and HTC devices with microSD slots are no longer capable of allowing user applications to write to folders outside of the application’s private folder. While it was once hard to say whether this would only be followed by a few OEMs, it seems that this standard is well on track to universal adoption.

This sounds like a major issue, but Google has clearly planned this out, as the Storage Access Framework feature in Android 4.4 allows file manipulation of data on the microSD slot and can provide access to data on the microSD card without allowing free access of all data on the microSD card. At any rate, an example of the SAF UI can be seen below.

What seems to throw a wrench into everything is that the primary internal storage partition still has the same behavior as microSD cards before Honeycomb. This means that any data in the /data/media/ directory has no permission control. It seems that Google has backed themselves into a corner in a way, because this odd inconsistency is needed to maintain backwards compatibility with applications that still assume that /sdcard/ can be written to in any manner, and any file on /sdcard/ can be read as well. Google also hasn't done anything about USB-OTG storage, which is still left up to the OEM to decide implementation. That means nothing changes when it comes to primary internal storage and USB storage.

Some may say that this is a clear attempt to kill off expandable storage and attempt to force cloud storage upon more users, but recent events have made it clear that this is a move targeted at OS security, as the popular chat application Whatsapp could have all messages easily accessed by any application that could read the SD card. On 4.4, despite the lack of security on the part of the developer, such a security breach wouldn’t be possible. However, whether this gain in security is worth the transition period between a robust permissions system for microSD/FAT systems on Android and the status quo is another question entirely, and is one that may not have an answer.

POST A COMMENT

43 Comments

View All Comments

  • Tarwin - Saturday, March 15, 2014 - link

    Actually, part of the problem is precisely that this applies to the external SD card and not the internal "sd card". I can understand restricting access to system files (though an option for advanced users wouldn't be such a bad thing) but I believe I should be able to do as I wish with the files on the external SD as I've yet to see a program actually put their files there. Reply
  • digi_owl - Sunday, March 16, 2014 - link

    It only affects it, in the restrictive sense, if it is mounted as "secondary" storage (something that Android never had any good handling off).

    Primary storage can be any of 3 things, a partition on the internal storage space, a union mount on top of the internal storage space, a true removable SD card. The last option is rarely used these days tho.

    End result is that the read only restriction comes into play on secondary storage, while primary storage is what Google have sadly insisted on referring to "SD card" all these years.
    Reply
  • speculatrix - Saturday, March 15, 2014 - link

    Why didn't Google simply require that people reformat their flash cards with a proper file system where file ownership and protection works just the same as the rest of the OS's file spaces?

    Then you have file spaces for music, movies, ebooks, documents etc can be shared amongst apps which have a genuine reason to read or read-write the files.

    Ok, so you can't take the memory card out and put in a windows or mac computer, but there's still MTP; and I'm sure it's not beyond the wit of Google to improve the linux ext3 or ext4 file system drivers for OSX or Windows.
    Reply
  • StrangerGuy - Saturday, March 15, 2014 - link

    "Some may say that this is a clear attempt to kill off expandable storage and attempt to force cloud storage upon more users, but recent events have made it clear that this is a move targeted at OS security"

    That makes as much sense as a PC cannot have a 2nd HDD or run programs on it because Windows has a vulnerability.
    Reply
  • Tujan - Sunday, March 16, 2014 - link

    Just got to thank you for that comment. Because without being splashed over the head with cold water,or having somebody click their thumbs. I would have continued into being some form of submissive orb.

    Thank you.
    Reply
  • cjs150 - Monday, March 17, 2014 - link

    Joshua is right this change is as much about forcing people to move to the cloud as it is about security.

    Problem is that the cloud model is flawed if you are in location that does not allow internet access (eg a plane) or have very slow access. The people making these design decisions never factor that in.

    Ultimately what they want is cloud based subscription services, I do not. I have no objections to the cloud it has its uses but it is not a panacea. I use my tablet as an entertainment device. What I want to do is stick a 64 Gb microsd card in and have 20+ movies or a couple of TV series to watch. If I need more I take a wireless hard disk with me. My uses are not the same as everyone elses
    Reply
  • beginner99 - Tuesday, March 18, 2014 - link

    Not to mention that when you actually have fast cloud access (LTE) you are limited by the amount of data your plan supports (for free) and where I live that amount is unusable for any kind of media files. Of course there are more expensive plans but most people can't really afford those. Reply
  • Arbie - Monday, March 17, 2014 - link

    cjs150: I agree completely. Reply
  • Hrel - Wednesday, March 19, 2014 - link

    "However, whether this gain in security is worth the transition period between a robust permissions system for microSD/FAT systems on Android and the status quo is another question entirely, and is one that may not have an answer."

    I think it's good, IF it drives OEM's to start producing pre-paid smartphones with more than 1 or 2GB of internal storage. Considering how cheap memory is, and how SSD's (NAND) just plummeted in terms of price/GB there's no reason besides greed for including anything less than 8GB on board storage.

    I think Google is trying to make that the minimum for integrated phone storage (partly because it costs OEMS effectively NOTHING to do, but also to improve user experience. Since internal storage is almost always faster than external). Really though when we're talking about 200-400$ phones the difference between 8GB and 16GB of internal storage is negligible. Worst case scenario they should offer different versions of the phones with a REASONABLE price increase for the upper level storage.

    Reasonable meaning the price increase to the customer is in line with the cost increase to the OEM. So basically nothing.
    Reply
  • Haravikk - Monday, March 24, 2014 - link

    Hopefully it'll finally stop third party apps from littering files all over the damned SD card and actually set a consistent location for that stuff. Reply

Log in

Don't have an account? Sign up now