Android N runs in a secure, Direct Boot mode +
Android 7.0 runs in a secure, Direct Boot mode when the device has been powered on but the user has not unlocked the device. To support this, the system provides two storage locations for data:
@@ -63,21 +61,23 @@ storage. Apps register with the system by marking components asandroid:directBootAware attribute to true in your manifest.
Encryption aware components can register to receive a
-LOCKED_BOOT_COMPLETED broadcast message from the
+{@link android.content.Intent#ACTION_LOCKED_BOOT_COMPLETED
+ACTION_LOCKED_BOOT_COMPLETED} broadcast message from the
system when the device has been restarted. At this point device encrypted
storage is available, and your component can execute tasks that need to be
run during Direct Boot mode, such as triggering a scheduled alarm.
The following code snippet is an example of how to register a
{@link android.content.BroadcastReceiver} as encryption aware, and add an
-intent filter for LOCKED_BOOT_COMPLETED, in the app manifest:
<receiver android:directBootAware="true" > ... <intent-filter> - <action android:name="android.intent.action.LOCKED_BOOT_COMPLETED" /> + <action android:name="android.intent.action.ACTION_LOCKED_BOOT_COMPLETED" /> </intent-filter> </receiver>@@ -89,7 +89,8 @@ device encrypted storage as well as credential encrypted storage.
To access device encrypted storage, create a second
{@link android.content.Context} instance by calling
-Context.createDeviceProtectedStorageContext(). All storage API
+{@link android.content.Context#createDeviceProtectedStorageContext
+Context.createDeviceProtectedStorageContext()}. All storage API
calls made using this context access the device encrypted storage. The
following example accesses the device encrypted storage and opens an existing
app data file:
If the user has unlocked the device, you can find out by calling
-UserManager.isUserUnlocked().
If a user updates their device to use Direct Boot mode, you might have
existing data that needs to get migrated to device encrypted storage. Use
-Context.moveSharedPreferencesFrom() and
-Context.moveDatabaseFrom() to migrate preference and database
+{@link android.content.Context#moveSharedPreferencesFrom
+Context.moveSharedPreferencesFrom()} and
+{@link android.content.Context#moveDatabaseFrom
+Context.moveDatabaseFrom()} to migrate preference and database
data between credential encrypted storage and device encrypted storage.
Use your best judgment when deciding what data to migrate from credential @@ -146,13 +151,13 @@ separate sets of data in the two encrypted stores.
Test your encryption aware app using the new Direct Boot mode. There are +
Test your encryption aware app with Direct Boot mode enabled. There are two ways to enable Direct Boot.
Caution: Enabling Direct Boot wipes all user data on the device.
-On supported devices with Android N installed, enable +
On supported devices with Android 7.0 installed, enable Direct Boot by doing one of the following:
If you build a device administration app -that targets Android N, make sure to check for both +that targets Android 7.0, make sure to check for both {@link android.app.admin.DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE ENCRYPTION_STATUS_ACTIVE} and {@link android.app.admin.DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE_PER_USER