Google Play restricts the use of high-risk or sensitive permissions, including special app access called All files access. This is only applicable to apps that target Android 11 (API level 30) and declare the MANAGE_EXTERNAL_STORAGE permission, which is added in Android 11. Also, this policy does not impact the usage of the READ_EXTERNAL_STORAGE permission.
If your app does not require access to the MANAGE_EXTERNAL_STORAGE permission, you must remove it from your app's manifest in order to successfully meet the policy review requirements. Details on policy-compliant alternative implementations are also enumerated below.
If your app meets the policy requirements for acceptable use or is eligible for an exception, you will be required to declare this and any other high-risk permissions using the Permissions Declaration Form in Play Console.
Apps that fail to meet policy requirements or do not submit a Permissions Declaration Form may be removed from Google Play.
When should you request the all files access permission?
You should only access the 'All files access' permission when your app cannot effectively make use of the more privacy-friendly best practices, such as the storage access framework or the MediaStore API. Bear in mind that your app shouldn’t declare permissions that it doesn’t need or use.
Core functionality
Additionally, the app’s usage of the permission must fall within permitted uses and must be directly tied to the core functionality of the app. Core functionality is defined as the main purpose of the app. Without this core functionality, the app is 'broken' or rendered unusable. The core functionality, as well as any core features that comprise this core functionality, must all be prominently documented and promoted in the app's description.
When an app’s core functionality requires 'All files access' permission, the developer must complete the Permissions Declaration Form and receive approval from Google Play.
Permitted uses of the All files access permissionFor apps requesting access to the All files access permission, intended and permitted use includes file managers, backup and restore apps, anti-virus apps and document management apps.
Apps granted access to this permission may not extend its use to undisclosed or invalid purposes.
|
Use |
Eligible permission* |
|
File management App’s core purpose involves the access, editing and management (including maintenance) of files and folders outside of its app-specific storage space |
|
|
Back up and restore apps App must have a need to automatically access multiple directories outside of its app-specific storage space for the purpose of backup and restoring |
|
|
Anti-virus apps App’s core purpose is to scan the device and provide anti-virus security features to the device user |
|
|
Document management apps Apps that must locate, access and edit compatible file types outside of its app-specific or shared storage App must justify in their Console declaration why the solutions documented in the Access app-specific files or storage access framework (a privacy-friendly option) documentation are not sufficient for their purpose |
|
|
Search (on device) App’s core purpose is to search through files and folders across the device’s external storage |
|
|
Disk/folder encryption and locking App’s core purpose is to encrypt files and folders |
|
|
Device migration/phone transfer App’s core purpose is to help the user migrate to a new device |
* Subject to Google Play review and approval.
Google Play may provide a temporary exception to apps that do not qualify as permitted use designated above, when:
- The use of the permission enables the app’s core functionality.
- There is currently no alternative method to provide the core functionality, or the use of privacy-friendly alternatives (for example, MediaStore API or storage access framework) has a substantially detrimental impact on the critical features of the app that are tied to the core functionality.
- The impact on user privacy is mitigated by security and privacy best practices.
The developer must justify in their Console declaration why the Storage Access Framework or MediaStore API is not sufficient for their app’s purpose.
In some cases, apps may wish to access sensitive user data for purposes where a safer and more secure alternative exists, or where the risk of data exposure doesn't warrant access.
Below is a list of common use cases that won't be permitted to request the MANAGE_EXTERNAL_STORAGE permission
- Media files access (see Alternatives below)
- Any file selection activity where the user manually selects individual files (see Alternatives below)
Note: This list is not exhaustive. For in-depth guidance, refer to the All files access documentation and Scoped storage best practices guidance for developers.
|
Use |
Alternatives |
|
Access of media files |
With the MediaStore API, apps can contribute and access media that’s available on an external storage volume without the need for the 'Access all files' permission. With the MediaStore API, users can easily retrieve and update media files. These files remain in the external storage volume on the user’s device – even after the app is uninstalled. |
| User selects files for importing/transferring/processing |
Developers should consider using the storage access framework as the privacy-friendly option for accessing files in shared storage. This framework supports the vast majority of use cases for apps to accomplish a full range of functionality. |
Important: If you change how your app uses these restricted permissions, you must submit the form again with updated and accurate information. Deceptive and undeclared uses of these permissions may result in a suspension of your app and/or termination of your developer account.