Android 13 fixes ‘loophole’ that many file managers rely on

File managers that use a loophole to access actually protected files, starting with Android 13, have to think of another way to do this.

Practically all applications that have full access to the storage space of an Android device cannot access the folder /Android and the folders that fall under it /Android/obb and Android/data due to a restriction. This measure was introduced with Android 11 and prevents applications from accessing information stored by other apps.

In contrast, there is a widely used loophole in Google’s operating system that allowed users to access folders under /Android, such as Esper explains† The loophole uses the Storage Access Framework, for which Google explicitly denied access to the /Android root directory. But access requests to subdirectories like /Android/obb and Android/data were not blocked. In short, for now, file managers can’t access /Android as a whole, but they can access specific folders within this private chunk of Android’s storage space.

With Android 13, Google adds a new limitation to the SAF; When the framework tries to open a folder, Android checks whether it is a file location that should be protected. If so, the affected file manager will not be able to access the folder, thus better protecting the storage locations of various apps from now on.

However, there are still ways to find these protected file locations. Google’s measures mainly affect third parties, while, for example, the AOSP Files app can still access /Android and folders placed below it. According to Esper, it should also be no problem to open otherwise protected folders via the PC.