Android 3.2+ Code (Inadvertently?) Preventing Write Access to External Storage

Android 3.2+ Code (Inadvertently?) Preventing Write Access to External Storage

It would seem that Google has a bug in their AOSP code that was introduced around Android 3.2, which affects how the OS handles USB Storage and can prevent write access to SD cards and USB sticks. XDA Elite Recognized Developer, Senior Moderator, and News Writer Chainfire sums up the issue in his blog post:

In the past, an app would request the “WRITE_EXTERNAL_STORAGE” permission, which would grant write access to all external storages (user/group “sdcard_rw“). This has apparently been changed to only grant write access to the primary external storage. A second permission has been introduced called “WRITE_MEDIA_STORAGE“, which would grant access to the other external storages (user/group “media_rw“).

The problem is, a third party will not actually be granted this permission, only system apps and apps provided by the device manufacturer will normally be granted this permission. There are exceptions, apparently on some devices third party apps will be granted this permission, but according to the AOSP sources, they’re certainly not supposed to.

As Chainfire investigated the issue he came across code in the /system/vold/Volume.cpp that explicitly states:

 if (primaryStorage) {
     // Special case the primary SD card.
     // For this we grant write access to the SDCARD_RW group.
     gid = AID_SDCARD_RW;
} else {
     // For secondary external storage we keep things locked up.
     gid = AID_MEDIA_RW;

On many devices, the internal flash is considered the “primary SD card.” The real SD card then becomes the secondary external storage, and is locked down—protected by the unattainable “WRITE_MEDIA_STORAGE” permission.

Chainfire submitted his question to the Android Developers Office Hours team, and they ended up discussing it in their live hangout on April 11. Unfortunately, the Google engineers present in the hangout were not able to provide any real answers, as this is a complicated issue and the question was only raised an hour before the show went live. They have however promised to get to the bottom of this issue, and get back to Chainfire (and us) at a later time.

Also according to Chainfire, the problem is actually present on ICS builds for the SGS2 as well, though Samsung “worked around it using a very ugly permission hack“:

<permission name=”android.permission.WRITE_EXTERNAL_STORAGE” >
     <group gid=”sdcard_rw” />
     <group gid=”media_rw” />

What you see here is Samsung piggybacking the WRITE_MEDIA_STORAGE permission to the WRITE_EXTERNAL_STORAGE permission, so apps do not experience the described problem.

Whether or not Google intended for connected SD Cards and USB sticks to be limited to be read-only for third-party apps remains to be seen. It does however give birth to a disturbing thought: What if the code and accompanying notes are Google’s first stages of implementing some sort of write protection for external storage, and thus further limiting our mobile freedom? We can only hope this is a genuine bug, as freedom is one of the very reasons we all avoid the Dark Side.

[Huge thanks to Chainfire for the heads up and help!]

Discuss This Story

Want more posts like this delivered to your inbox? Enter your email to be subscribed to our newsletter.