DP-3T/dp3t-sdk-android

minSdkVersion as low as possible

fynngodau opened this issue ยท 8 comments

To allow as many users as possible to participate, the minimum Android version should be as low as possible. Since BLE is introduced in Android 4.3 (API 18), this would be the ideal minSdkVersion.

With the help of the Android linter, I will summarize the sections that would be highlighted as incompatible depending on the API version one would pick as a minSdkVersion.

API 21

  • The library androidx.security:security-crypto only supports API 23. Likely, it could be replaced with the library Android-Vault, which uses the Android keystore to store the key as well.

As well as these trivial issues:

API 19

  • A lot of Bluetooth APIs were apparently rewritten; those rewrites are only included in API 21. As such, using the old (deprecated) methods would require a rewrite of BleClient and BleServer as an alternative for older devices. Some calls in GattConnectionTask would have to be changed.

API 18

Trivial issues:

Once they will implement Google Api the minSdk should be 23 (android 6). So no need to support androidSdk < 23 right?

@corrado4eyes I believe there should be an implementation independent from GMS, see #10.

AFAIK, the minimum Android version which supports BLE peripheral mode is 5.0.
Android 4.3 would require a screen to be unlocked to send beacons, just like any version of iOS.

So even if API 18 is supported, it would give user a false sense of security, since there would be huge gaps in tracing.

@Vanuan Thank you, I did not know this.

Our only hope for 99% adoption is that Google/Apple somehow backport/update their older OS without user consent, basically installing malware. But even then app developers would be limited by APIs they provide, the beacon database would likely be encrypted and not available without rooting, and BLE protocol being closed source.

Adding new APIs to deprecated systems is what the GMS are designed for. I personally would generally consider them to be malware because it behaves in ways I don't support and can't control.

However I'm not sure whether the GMS have such a deep control over the system that it would allow such a change, which sounds to me like it would be relatively low-level.

On the other hand, they already announced their Tracing API will be Marshmellow and up.

New information from Android Exposure API:

Bluetooth functionality, including all broadcast and scanning for BLE beacons and local
database storage, happens within Google Play services on-device. Your app will need to
have the BLUETOOTH permission in its manifest, but does not require
ACCESS_FINE_LOCATION or BLUETOOTH_ADMIN. For your app to work on a device, the
device must be running Android version 5.0 (API version 21) or higher.

So the minimum version should be API 21.

So I am ready and willing to work on this issue (to lower the minSdkVersion to 21), if I can get some buy-in from a core contributor that this would be considered for the production app.

Every additional accessible phone makes a difference, especially down-market (cheap) phones, which are predominantly used by citizens who are more likely to be disadvantaged (older, less disposable income, second phones for older teens, etc)