Android API Restrictions Fairly Easy to Circumvent

Some enterprising developers have found a way to get around the hidden API restrictions that Google embedded into the Android 9 Pie and Android 10 SDKs. These methods are not condoned or even acknowledged by Google, so proceed around the limits and restrictions at your own risk. 

The Android SDK may offer many developers all the tools they'll ever need for writing and publishing apps for Google's Android platform. Despite the strengths of the SDK and Android Studio, not all of Android's powers are accessible directly. Some are buried in the SDK, but only accessible to certain parties, such as OEMs, while others have been left out of the SDK entirely.

Through Android 8, these tools were mostly just hidden, but discoverable if you knew where to look. Google changed that with Android 9 and Android 10. The easiest way to get around the restrictions was to target API level 27, or the equivalent of Android 8.1. That's no longer possible, so some have been seeing another way to tap into Android's secret powers. 

According to XDA Developers, this is managed through an API blacklist. The blacklist applies to non-whitelisted apps only, such as system and Google Play apps. XDA says using a technique called reflection can let apps mimic system apps and get around the blacklist. Using regular reflection techniques aren't enough; instead, you'll need to use double reflections to bypass Google's limitations. XDA took it a step further and created a one-time code block that acts as a wrapper for the process. 

"Make a custom Application class, put that code in the onCreate() method, and bam, no more restrictions," claims XDA. 

ProgrammableWeb reached out to Google for comment on this workaround. The search giant did not respond before the time of publication. Suffice it to say, however, that there may be consequences for taking this route to access the hidden APIs and other tools within the Android Studio SDK.

Be sure to read the next Hacking article: ProgrammableWeb's Most Clicked, Shared and Talked About APIs of 2019: Security and Privacy

 

Comments (0)