1## 3.5\. API Behavioral Compatibility
2
3Device implementations:
4
5*    [C-0-9] MUST ensure that API behavioral compatibility is applied for all
6installed apps unless they are restricted as described in
7[Section 3.5.1](#3_5_1-background-restriction).
8*    [C-0-10] MUST NOT implement the whitelisting approach that ensures API
9behavioral compatibility only for apps that are selected by device
10implementers.
11
12The behaviors of each of the API types (managed, soft, native, and web) must be
13consistent with the preferred implementation of the upstream
14[Android Open Source Project](http://source.android.com/). Some specific areas
15of compatibility are:
16
17*    [C-0-1] Devices MUST NOT change the behavior or semantics of a
18     standard intent.
19*    [C-0-2] Devices MUST NOT alter the lifecycle or lifecycle semantics of
20     a particular type of system component (such as Service, Activity, ContentProvider, etc.).
21*    [C-0-3] Devices MUST NOT change the semantics of a standard permission.
22*    Devices MUST NOT alter the limitations enforced on background applications.
23     More specifically, for background apps:
24     *    [C-0-4] they MUST stop executing callbacks that are registered by the
25          app to receive outputs from the [`GnssMeasurement`](
26          https://developer.android.com/reference/android/location/GnssMeasurement.html)
27          and [`GnssNavigationMessage`](
28          https://developer.android.com/reference/android/location/GnssNavigationMessage.html).
29     *    [C-0-5] they MUST rate-limit the frequency of updates that are
30          provided to the app through the [`LocationManager`](
31          https://developer.android.com/reference/android/location/LocationManager.html)
32          API class or the [`WifiManager.startScan()`](
33          https://developer.android.com/reference/android/net/wifi/WifiManager.html#startScan%28%29)
34          method.
35     *    [C-0-6] if the app is targeting API level 25 or higher, they MUST NOT
36          allow to register broadcast receivers for the implicit broadcasts of
37          standard Android intents in the app's manifest, unless the broadcast
38          intent requires a `"signature"` or `"signatureOrSystem"`
39          [`protectionLevel`](
40          https://developer.android.com/guide/topics/manifest/permission-element.html#plevel)
41          permission or are on the [exemption list](
42          https://developer.android.com/preview/features/background-broadcasts.html)
43          .
44     *    [C-0-7] if the app is targeting API level 25 or higher, they MUST stop
45          the app's background services, just as if the app had called the
46          services'[`stopSelf()`](
47          https://developer.android.com/reference/android/app/Service.html#stopSelf%28%29)
48          method, unless the app is placed on a temporary whitelist to handle a
49          task that's visible to the user.
50     *    [C-0-8] if the app is targeting API level 25 or higher, they MUST
51          release the wakelocks the app holds.
52*    [C-0-9] Devices MUST return the following security providers as the first
53     seven array values from the [`Security.getProviders()`](
54     https://developer.android.com/reference/java/security/Security.html#getProviders%28%29)
55     method, in the given order and with the given names (as returned by
56     [`Provider.getName()`](
57     https://developer.android.com/reference/java/security/Provider.html#getName%28%29))
58     and classes, unless the app has modified the list via
59     [`insertProviderAt()`](
60     https://developer.android.com/reference/java/security/Security.html#insertProviderAt%28java.security.Provider,%2520int%29)
61     or [`removeProvider()`](
62     https://developer.android.com/reference/java/security/Security.html#removeProvider%28java.lang.String%29). Devices
63     MAY return additional providers after the specified list of providers
64     below.
65     1. **AndroidNSSP** - `android.security.net.config.NetworkSecurityConfigProvider`
66     2. **AndroidOpenSSL** - `com.android.org.conscrypt.OpenSSLProvider`
67     3. **CertPathProvider** - `sun.security.provider.CertPathProvider`
68     4. **AndroidKeyStoreBCWorkaround** - `android.security.keystore.AndroidKeyStoreBCWorkaroundProvider`
69     5. **BC** - `com.android.org.bouncycastle.jce.provider.BouncyCastleProvider`
70     6. **HarmonyJSSE** - `com.android.org.conscrypt.JSSEProvider`
71     7. **AndroidKeyStore** - `android.security.keystore.AndroidKeyStoreProvider`
72
73The above list is not comprehensive. The Compatibility Test Suite (CTS) tests
74significant portions of the platform for behavioral compatibility, but not all.
75It is the responsibility of the implementer to ensure behavioral compatibility
76with the Android Open Source Project. For this reason, device implementers
77SHOULD use the source code available via the Android Open Source Project where
78possible, rather than re-implement significant parts of the system.
79
80## 3.5.1\. Background Restriction
81
82If device implementations implement the app restrictions that are included in
83AOSP or extend the app restrictions, they:
84
85*    [C-1-1] MUST provide user affordance where the user can see the list of
86restricted apps.
87*    [C-1-2] MUST provide user affordance to turn on / off the restrictions
88on each app.
89*    [C-1-3] MUST not automatically apply restrictions without evidence of poor
90system health behavior, but MAY apply the restrictions on apps upon detection
91of poor system health behavior like stuck wakelocks, long running services, and
92other criteria. The criteria MAY be determined by device implementers but MUST
93be related to the app’s impact on the system health. Other criteria that are not
94purely related to the system health, such as the app’s lack of popularity in
95the market, MUST NOT be used as criteria.
96*    [C-1-4] MUST not automatically apply app restrictions for apps when a user
97has turned off app restrictions manually, and MAY suggest the user to apply
98app restrictions.
99*    [C-1-5] MUST inform users if app restrictions are applied to an app
100automatically.
101*    [C-1-6] MUST return `true` for [`ActivityManager.isBackgroundRestricted()`](
102https://developer.android.com/reference/android/app/ActivityManager.html#isBackgroundRestricted%28%29)
103when the restricted app calls this API.
104*    [C-1-7] MUST NOT restrict the top foreground app that is explicitly used
105by the user.
106*    [C-1-8] MUST suspend restrictions on an app that becomes the top foreground
107application when the user explicitly starts to use the app that used to be
108restricted.
109*    [C-1-9] MUST report all app restriction events via [`UsageStats`](
110https://developer.android.com/reference/android/app/usage/UsageStats). If device
111implementations extend the app restrictions that are implemented in AOSP, MUST
112follow the implementation described in [this document](
113https://source.android.com/devices/tech/power/app_mgmt.html).
114