• המשתמש חייב להיות מסוגל לעקוף באופן הוליסטי את התנהגות ברירת המחדל של קישורי האפליקציה כדי שאפליקציה תהיה פתוחה תמיד, שאל תמיד או לעולם לא פתוחה, מה שחייב לחול על כל מסנני כוונת URI המועמדים באופן שווה.
• המשתמש חייב להיות מסוגל לראות רשימה של מסנני כוונת URI המועמדים.
• הטמעת המכשיר עשויה לספק למשתמש את היכולת לעקוף מסנני כוונת URI מועמדים ספציפיים שאומתו בהצלחה, על בסיס מסנן לפי כוונה.
• הטמעת המכשיר חייבת לספק למשתמשים את היכולת להציג ולעקוף מסנני כוונת URI מועמדים ספציפיים אם הטמעת המכשיר מאפשרת לכמה מסנני כוונת URI מועמדים להצליח באימות בעוד שאחרים יכולים להיכשל.

The user agent string reported by the WebView MUST be in this format:

Mozilla/5.0 (Linux; Android $(VERSION); $(MODEL) Build/$(BUILD); wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 $(CHROMIUM_VER) Mobile Safari/537.36

• The value of the $(VERSION) string MUST be the same as the value for android.os.Build.VERSION.RELEASE.
• The value of the $(MODEL) string MUST be the same as the value for android.os.Build.MODEL.
• The value of the $(BUILD) string MUST be the same as the value for android.os.Build.ID.
• The value of the $(CHROMIUM_VER) string MUST be the version of Chromium in the upstream Android Open Source Project.
• Device implementations MAY omit Mobile in the user agent string.

• MUST report true for DevicePolicyManager.isProvisioningAllowed(ACTION_PROVISION_MANAGED_DEVICE) .
• MUST enroll the DPC application as the Device Owner app in response to the intent action android.app.action.PROVISION_MANAGED_DEVICE .
• MUST enroll the DPC application as the Device Owner app if the device declares Near-Field Communications (NFC) support via the feature flag android.hardware.nfc and receives an NFC message containing a record with MIME type MIME_TYPE_PROVISIONING_NFC .

• MUST report false for the DevicePolicyManager.isProvisioningAllowed(ACTION_PROVISION_MANAGED_DEVICE) .
• MUST not enroll any DPC application as the Device Owner App any more.

• Separate accounting for battery, location, mobile data and storage usage for the primary user and managed profile.
• Independent management of VPN Applications installed within the primary user or managed profile.
• Independent management of applications installed within the primary user or managed profile.
• Independent management of accounts within the primary user or managed profile.

• Device implementations MUST honor the DevicePolicyManager.ACTION_SET_NEW_PASSWORD intent and show an interface to configure a separate lock screen credential for the managed profile.
• The lock screen credentials of the managed profile MUST use the same credential storage and management mechanisms as the parent profile, as documented on the Android Open Source Project Site
• The DPC password policies MUST apply to only the managed profile's lock screen credentials unless called upon the DevicePolicyManager instance returned by getParentProfileInstance .

Device implementations (Android Automotive and Android Watch devices with no audio output excluded), MUST provide a user-accessible mechanism to enable and disable accessibility services, and MUST display this interface in response to the android.provider.Settings.ACTION_ACCESSIBILITY_SETTINGS intent.

Android device implementations with audio output are STRONGLY RECOMMENDED to provide implementations of accessibility services on the device comparable in or exceeding functionality of the TalkBack** and Switch Access accessibility services (https://github.com/google/talkback).

MUST support the core media formats specified in the Android SDK documentation, except where explicitly permitted in this document.

MUST support the media formats, encoders, decoders, file types, and container formats defined in the tables below and reported via MediaCodecList .

MUST also be able to decode all profiles reported in its CamcorderProfile

MUST be able to decode all formats it can encode. This includes all bitstreams that its encoders generate.

Codecs advertising HDR profile support MUST support HDR static metadata parsing and handling.

If a media codec advertises intra refresh support, then it MUST support the refresh periods in the range of 10 - 60 frames and accurately operate within 20% of configured refresh period.

Video codecs MUST support output and input bytebuffer sizes that accommodate the largest feasible compressed and uncompressed frame as dictated by the standard and configuration but also not overallocate.

Video encoders and decoders MUST support YUV420 flexible color format (COLOR_FormatYUV420Flexible).

MUST support dynamic video resolution and frame rate switching through the standard Android APIs within the same stream for all VP8, VP9, H.264, and H.265 codecs in real time and up to the maximum resolution supported by each codec on the device.

Implementations that support the Dolby Vision decoder—

MUST properly display Dolby Vision content on the device screen or on a standard video output port (eg, HDMI).

Implementations that provide a Dolby Vision-capable extractor MUST set the track index of backward-compatible base-layer(s) (if present) to be the same as the combined Dolby Vision layer's track index.

• MUST support High Profile Level 4.2 and the HD 1080p60 decoding profile.
• MUST be capable of decoding videos with both HD profiles as indicated in the following table and encoded with either the Baseline Profile, Main Profile, or the High Profile Level 4.2

In addition, Android Television devices:

• MUST support the HD 720p decoding profile.
• STRONGLY RECOMMENDED to support the HD 1080p decoding profile.
• SHOULD support the UHD decoding profile. If the UHD video decoding profile is supported, it MUST support 8-bit color depth and SHOULD support VP9 Profile 2 (10-bit).

HTTP(S) progressive streaming
All required codecs and container formats in section 5.1 MUST be supported over HTTP(S)

HTTP Live Streaming draft protocol, Version 7
The following media segment formats MUST be supported:

RTSP (RTP, SDP)

The following RTP audio video profile and related codecs MUST be supported. For exceptions please see the table footnotes in section 5.1 .

The device MUST exhibit approximately flat amplitude-versus-frequency characteristics in the mid-frequency range: specifically ±10dB from 100 Hz to 7000 Hz.

The device MUST exhibit amplitude levels in the low frequency range: specifically from ±20 dB from 5 Hz to 100 Hz compared to the mid-frequency range.

The device MUST exhibit amplitude levels in the high frequency range: specifically from ±30 dB from 7000 Hz to 22 KHz compared to the mid-frequency range.

Audio input sensitivity MUST be set such that a 1000 Hz sinusoidal tone source played at 94 dB Sound Pressure Level (SPL) yields a response with RMS of 520 for 16 bit-samples (or -36 dB Full Scale for floating point/double precision samples).

SNR > 60 dB (difference between 94 dB SPL and equivalent SPL of self noise, A-weighted).

Total harmonic distortion MUST be less than 1% for 1 kHZ at 90 dB SPL input level at the microphone.

The only signal processing allowed in the path is a level multiplier to bring the level to desired range. This level multiplier MUST NOT introduce delay or latency to the signal path.

No other signal processing is allowed in the path, such as Automatic Gain Control, High Pass Filter, or Echo Cancellation. If any signal processing is present in the architecture for any reason, it MUST be disabled and effectively introduce zero delay or extra latency to the signal path.

• Device implementations MUST support all adb functions as documented in the Android SDK including dumpsys .
• The device-side adb daemon MUST be inactive by default and there MUST be a user-accessible mechanism to turn on the Android Debug Bridge. If a device implementation omits USB peripheral mode, it MUST implement the Android Debug Bridge via local-area network (such as Ethernet or 802.11).
• Android includes support for secure adb. Secure adb enables adb on known authenticated hosts. Device implementations MUST support secure adb.

• Device implementations MUST support all ddms features as documented in the Android SDK.
• As ddms uses adb, support for ddms SHOULD be inactive by default, but MUST be supported whenever the user has activated the Android Debug Bridge, as above.

• Device implementations MUST support systrace tool as documented in the Android SDK. Systrace must be inactive by default, and there MUST be a user-accessible mechanism to turn on Systrace.
• Most Linux-based systems and Apple Macintosh systems recognize Android devices using the standard Android SDK tools, without additional support; however Microsoft Windows systems typically require a driver for new Android devices. (For instance, new vendor IDs and sometimes new device IDs require custom USB drivers for Windows systems.)
• If a device implementation is unrecognized by the adb tool as provided in the standard Android SDK, device implementers MUST provide Windows drivers allowing developers to connect to the device using the adb protocol. These drivers MUST be provided for Windows XP, Windows Vista, Windows 7, Windows 8, and Windows 10 in both 32-bit and 64-bit versions.

• After making such a location calculation, it is STRONGLY RECOMMENDED for the device to be able to determine its location, in open sky, within 10 seconds, when location requests are restarted, up to an hour after the initial location calculation, even when the subsequent request is made without a data connection, and/or after a power cycle.

• It MUST be able to determine location within 20 meters, and speed within 0.5 meters per second, at least 95% of the time.
• It MUST simultaneously track and report via GnssStatus.Callback at least 8 satellites from one constellation.
• It SHOULD be able to simultaneously track at least 24 satellites, from multiple constellations (eg GPS + at least one of Glonass, Beidou, Galileo).

• It MUST report GPS measurements, as soon as they are found, even if a location calculated from GPS/GNSS is not yet reported.
• It MUST report GPS pseudoranges and pseudorange rates, that, in open-sky conditions after determining the location, while stationary or moving with less than 0.2 meter per second squared of acceleration, are sufficient to calculate position within 20 meters, and speed within 0.2 meters per second, at least 95% of the time.

• MUST have a measurement range between at least -8g and +8g.
• MUST have a measurement resolution of at least 1024 LSB/G.
• MUST have a minimum measurement frequency of 12.5 Hz or lower.
• MUST have a maximum measurement frequency of 400 Hz or higher.
• MUST have a measurement noise not above 400 uG/√Hz.
• MUST implement a non-wake-up form of this sensor with a buffering capability of at least 3000 sensor events.
• MUST have a batching power consumption not worse than 3 mW.
• SHOULD have a stationary noise bias stability of \<15 μg √Hz from 24hr static dataset.
• SHOULD have a bias change vs. temperature of ≤ +/- 1mg / °C.
• SHOULD have a best-fit line non-linearity of ≤ 0.5%, and sensitivity change vs. temperature of ≤ 0.03%/C°.

SENSOR_TYPE_GYROSCOPE

• MUST have a measurement range between at least -1000 and +1000 dps.
• MUST have a measurement resolution of at least 16 LSB/dps.
• MUST have a minimum measurement frequency of 12.5 Hz or lower.
• MUST have a maximum measurement frequency of 400 Hz or higher.
• MUST have a measurement noise not above 0.014°/s/√Hz.
• SHOULD have a stationary bias stability of < 0.0002 °/s √Hz from 24-hour static dataset.
• SHOULD have a bias change vs. temperature of ≤ +/- 0.05 °/ s / °C.
• SHOULD have a sensitivity change vs. temperature of ≤ 0.02% / °C.
• SHOULD have a best-fit line non-linearity of ≤ 0.2%.
• SHOULD have a noise density of ≤ 0.007 °/s/√Hz.

SENSOR_TYPE_GYROSCOPE_UNCALIBRATED with the same quality requirements as SENSOR_TYPE_GYROSCOPE.

• MUST have a measurement range between at least -900 and +900 uT.
• MUST have a measurement resolution of at least 5 LSB/uT.
• MUST have a minimum measurement frequency of 5 Hz or lower.
• MUST have a maximum measurement frequency of 50 Hz or higher.
• MUST have a measurement noise not above 0.5 uT.

• MUST implement a non-wake-up form of this sensor with a buffering capability of at least 600 sensor events.

• MUST have a measurement range between at least 300 and 1100 hPa.
• MUST have a measurement resolution of at least 80 LSB/hPa.
• MUST have a minimum measurement frequency of 1 Hz or lower.
• MUST have a maximum measurement frequency of 10 Hz or higher.
• MUST have a measurement noise not above 2 Pa/√Hz.
• MUST implement a non-wake-up form of this sensor with a buffering capability of at least 300 sensor events.
• MUST have a batching power consumption not worse than 2 mW.

• MUST implement a non-wake-up form of this sensor with a buffering capability of at least 300 sensor events.
• MUST have a batching power consumption not worse than 4 mW.

• MUST have a power consumption not worse than 0.5 mW when device is static and 1.5 mW when device is moving.

• MUST implement a non-wake-up form of this sensor with a buffering capability of at least 100 sensor events.
• MUST have a power consumption not worse than 0.5 mW when device is static and 1.5 mW when device is moving.
• MUST have a batching power consumption not worse than 4 mW.

• MUST have a power consumption not worse than 0.5 mW when device is static and 1.5 mW when device is moving.

• MUST have a power consumption not worse than 0.5 mW when device is static and 1.5 mW when device is moving.

• SENSOR_TYPE_SIGNIFICANT_MOTION
• SENSOR_TYPE_STEP_DETECTOR
• SENSOR_TYPE_STEP_COUNTER
• SENSOR_TILT_DETECTORS

• Even when the screen is not in an active state.
• For Android Television device implementations, even when in standby power states.

• MUST be capable of acting as an NFC Forum reader/writer (as defined by the NFC Forum technical specification NFCForum-TS-DigitalProtocol-1.0) via the following NFC standards:
  • NfcA (ISO14443-3A)
  • NfcB (ISO14443-3B)
  • NfcF (JIS X 6319-4)
  • IsoDep (ISO 14443-4)
  • NFC Forum Tag Types 1, 2, 3, 4 (defined by the NFC Forum)
• STRONGLY RECOMMENDED to be capable of reading and writing NDEF messages as well as raw data via the following NFC standards. Note that while the NFC standards below are stated as STRONGLY RECOMMENDED, the Compatibility Definition for a future version is planned to change these to MUST. These standards are optional in this version but will be required in future versions. Existing and new devices that run this version of Android are very strongly encouraged to meet these requirements now so they will be able to upgrade to the future platform releases.
  • NfcV (ISO 15693)
• SHOULD be capable of reading the barcode and URL (if encoded) of Thinfilm NFC Barcode products.
• MUST be capable of transmitting and receiving data via the following peer-to-peer standards and protocols:
  • ISO 18092
  • LLCP 1.2 (defined by the NFC Forum)
  • SDP 1.0 (defined by the NFC Forum)
  • NDEF Push Protocol
  • SNEP 1.0 (defined by the NFC Forum)
• MUST include support for Android Beam .
• MUST implement the SNEP default server. Valid NDEF messages received by the default SNEP server MUST be dispatched to applications using the android.nfc.ACTION_NDEF_DISCOVERED intent. Disabling Android Beam in settings MUST NOT disable dispatch of incoming NDEF message.
• MUST honor the android.settings.NFCSHARING_SETTINGS intent to show NFC sharing settings .
• MUST implement the NPP server. Messages received by the NPP server MUST be processed the same way as the SNEP default server.
• MUST implement a SNEP client and attempt to send outbound P2P NDEF to the default SNEP server when Android Beam is enabled. If no default SNEP server is found then the client MUST attempt to send to an NPP server.
• MUST allow foreground activities to set the outbound P2P NDEF message using android.nfc.NfcAdapter.setNdefPushMessage, and android.nfc.NfcAdapter.setNdefPushMessageCallback, and android.nfc.NfcAdapter.enableForegroundNdefPush.
• SHOULD use a gesture or on-screen confirmation, such as 'Touch to Beam', before sending outbound P2P NDEF messages.
• SHOULD enable Android Beam by default and MUST be able to send and receive using Android Beam, even when another proprietary NFC P2p mode is turned on.
• MUST support NFC Connection handover to Bluetooth when the device supports Bluetooth Object Push Profile. Device implementations MUST support connection handover to Bluetooth when using android.nfc.NfcAdapter.setBeamPushUris, by implementing the “ Connection Handover version 1.2 ” and “ Bluetooth Secure Simple Pairing Using NFC version 1.0 ” specs from the NFC Forum. Such an implementation MUST implement the handover LLCP service with service name “urn:nfc:sn:handover” for exchanging the handover request/select records over NFC, and it MUST use the Bluetooth Object Push Profile for the actual Bluetooth data transfer. For legacy reasons (to remain compatible with Android 4.1 devices), the implementation SHOULD still accept SNEP GET requests for exchanging the handover request/select records over NFC. However an implementation itself SHOULD NOT send SNEP GET requests for performing connection handover.
• MUST poll for all supported technologies while in NFC discovery mode.
• SHOULD be in NFC discovery mode while the device is awake with the screen active and the lock-screen unlocked.

MUST support all the APIs in the ConnectivityManager class as described in the SDK documentation

MUST provide a user interface in the settings, allowing users to add applications to or remove applications from the allowlist.

MUST return the value RESTRICT_BACKGROUND_STATUS_DISABLED for ConnectivityManager.getRestrictBackgroundStatus()

MUST not broadcast ConnectivityManager.ACTION_RESTRICT_BACKGROUND_CHANGED

MUST have an activity that handles the Settings.ACTION_IGNORE_BACKGROUND_DATA_RESTRICTIONS_SETTINGS intent but MAY implement it as a no-op.

• If the device implementation is capable of being rotated by user (such as automatically via an accelerometer or manually via user input), the camera preview MUST be mirrored horizontally relative to the device's current orientation.
• If the current application has explicitly requested that the Camera display be rotated via a call to the android.hardware.Camera.setDisplayOrientation() method, the camera preview MUST be mirrored horizontally relative to the orientation specified by the application.
• Otherwise, the preview MUST be mirrored along the device's default horizontal axis.

• MUST declare support for the hardware feature android.hardware.usb.accessory .
• MUST implement the USB audio class as documented in the Android SDK documentation.
• The USB mass storage class MUST include the string "android" at the end of the interface description iInterface string of the USB mass storage

• 70 ohm or less : KEYCODE_HEADSETHOOK
• 210-290 Ohm : KEYCODE_VOLUME_UP
• 360-680 Ohm : KEYCODE_VOLUME_DOWN

• 110-180 Ohm: KEYCODE_VOICE_ASSIST

• The microphone's mean power response in the 18.5 kHz to 20 kHz band MUST be no more than 15 dB below the response at 2 kHz.
• The microphone's unweighted signal to noise ratio over 18.5 kHz to 20 kHz for a 19 kHz tone at -26 dBFS MUST be no lower than 50 dB.

• MUST provide a per-component power profile that defines the current consumption value for each hardware component and the approximate battery drain caused by the components over time as documented in the Android Open Source Project site.
• MUST report all power consumption values in milliampere hours (mAh).
• SHOULD be attributed to the hardware component itself if unable to attribute hardware component power usage to an application.
• MUST report CPU power consumption per each process's UID. The Android Open Source Project meets the requirement through the uid_cputime kernel module implementation.

• the user's consent can be obtained before the application uses it
• the runtime permissions are associated with an intent pattern for which the preinstalled application is set as the default handler

• MUST have hardware backed implementations of RSA, AES, ECDSA and HMAC cryptographic algorithms and MD5, SHA1, SHA-2 Family hash functions to properly support the Android Keystore system's supported algorithms .
• MUST perform the lock screen authentication in the secure hardware and only when successful allow the authentication-bound keys to be used. The upstream Android Open Source Project provides the Gatekeeper Hardware Abstraction Layer (HAL) that can be used to satisfy this requirement.

• The entropy of the shortest allowed length of inputs MUST be greater than 10 bits.
• The maximum entropy of all possible inputs MUST be greater than 18 bits.
• MUST not replace any of the existing authentication methods (PIN, pattern, password) implemented and provided in AOSP.
• MUST be disabled when the Device Policy Controller (DPC) application has set the password quality policy via the DevicePolicyManager.setPasswordQuality() method with a more restrictive quality constant than PASSWORD_QUALITY_SOMETHING .

• It MUST have a fall-back mechanism to use one of the primary authentication methods which is based on a known secret and meets the requirements to be treated as a secure lock screen.
• It MUST be disabled and only allow the primary authentication to unlock the screen when the Device Policy Controller (DPC) application has set the policy with either the DevicePolicyManager.setKeyguardDisabledFeatures(KEYGUARD_DISABLE_TRUST_AGENTS) method or the DevicePolicyManager.setPasswordQuality() method with a more restrictive quality constant than PASSWORD_QUALITY_UNSPECIFIED .

• It MUST have a fall-back mechanism to use one of the primary authentication methods which is based on a known secret and meets the requirements to be treated as a secure lock screen.
• It MUST be disabled and only allow the primary authentication to unlock the screen when the Device Policy Controller (DPC) application has set the keguard feature policy by calling the method DevicePolicyManager.setKeyguardDisabledFeatures(KEYGUARD_DISABLE_FINGERPRINT) .
• It MUST have a false acceptance rate that is equal or stronger than what is required for a fingerprint sensor as described in section 7.3.10, or otherwise MUST be disabled and only allow the primary authentication to unlock the screen when the Device Policy Controller (DPC) application has set the password quality policy via the DevicePolicyManager.setPasswordQuality() method with a more restrictive quality constant than PASSWORD_QUALITY_BIOMETRIC_WEAK .

• MUST return false for both the KeyguardManager.isKeyguardSecure() and the KeyguardManager.isDeviceSecure() methods.
• MUST be disabled when the Device Policy Controller (DPC) application has set the password quality policy via the DevicePolicyManager.setPasswordQuality() method with a more restrictive quality constant than PASSWORD_QUALITY_UNSPECIFIED .
• MUST NOT reset the password expiration timers set by DevicePolicyManager.setPasswordExpirationTimeout() .
• MUST NOT authenticate access to keystores if the application has called KeyGenParameterSpec.Builder.setUserAuthenticationRequired(true) ).

• MUST NOT reset the password expiration timers set by DevicePolicyManager.setPasswordExpirationTimeout() .
• MUST NOT authenticate access to keystores if the application has called KeyGenParameterSpec.Builder.setUserAuthenticationRequired(true) .

Device implementations SHOULD provide the user an option to enter Safe Boot Mode from the boot menu which is reachable through a workflow that is different from that of normal boot.

Device implementations MUST provide the user an option to enter Safe Boot Mode in such a way that is uninterruptible from third-party apps installed on the device, except for when the third party app is a Device Policy Controller and has set the UserManager.DISALLOW_SAFE_BOOT flag as true.

Device implementations MUST provide the user the capability to uninstall any third-party apps within Safe Mode.

CDD
Substantive changes to the compatibility requirements.

Docs
Cosmetic or build related changes.

• The user MUST be able to override holistically the default app links behavior for an app to be: always open, always ask, or never open, which must apply to all candidate URI intent filters equally.
• The user MUST be able to see a list of the candidate URI intent filters.
• The device implementation MAY provide the user with the ability to override specific candidate URI intent filters that were successfully verified, on a per-intent filter basis.
• The device implementation MUST provide users with the ability to view and override specific candidate URI intent filters if the device implementation lets some candidate URI intent filters succeed verification while some others can fail.

The user agent string reported by the WebView MUST be in this format:

Mozilla/5.0 (Linux; Android $(VERSION); $(MODEL) Build/$(BUILD); wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 $(CHROMIUM_VER) Mobile Safari/537.36

• The value of the $(VERSION) string MUST be the same as the value for android.os.Build.VERSION.RELEASE.
• The value of the $(MODEL) string MUST be the same as the value for android.os.Build.MODEL.
• The value of the $(BUILD) string MUST be the same as the value for android.os.Build.ID.
• The value of the $(CHROMIUM_VER) string MUST be the version of Chromium in the upstream Android Open Source Project.
• Device implementations MAY omit Mobile in the user agent string.

• MUST report true for DevicePolicyManager.isProvisioningAllowed(ACTION_PROVISION_MANAGED_DEVICE) .
• MUST enroll the DPC application as the Device Owner app in response to the intent action android.app.action.PROVISION_MANAGED_DEVICE .
• MUST enroll the DPC application as the Device Owner app if the device declares Near-Field Communications (NFC) support via the feature flag android.hardware.nfc and receives an NFC message containing a record with MIME type MIME_TYPE_PROVISIONING_NFC .

• MUST report false for the DevicePolicyManager.isProvisioningAllowed(ACTION_PROVISION_MANAGED_DEVICE) .
• MUST not enroll any DPC application as the Device Owner App any more.

• Separate accounting for battery, location, mobile data and storage usage for the primary user and managed profile.
• Independent management of VPN Applications installed within the primary user or managed profile.
• Independent management of applications installed within the primary user or managed profile.
• Independent management of accounts within the primary user or managed profile.

• Device implementations MUST honor the DevicePolicyManager.ACTION_SET_NEW_PASSWORD intent and show an interface to configure a separate lock screen credential for the managed profile.
• The lock screen credentials of the managed profile MUST use the same credential storage and management mechanisms as the parent profile, as documented on the Android Open Source Project Site
• The DPC password policies MUST apply to only the managed profile's lock screen credentials unless called upon the DevicePolicyManager instance returned by getParentProfileInstance .

Device implementations (Android Automotive and Android Watch devices with no audio output excluded), MUST provide a user-accessible mechanism to enable and disable accessibility services, and MUST display this interface in response to the android.provider.Settings.ACTION_ACCESSIBILITY_SETTINGS intent.

Android device implementations with audio output are STRONGLY RECOMMENDED to provide implementations of accessibility services on the device comparable in or exceeding functionality of the TalkBack** and Switch Access accessibility services (https://github.com/google/talkback).

MUST support the core media formats specified in the Android SDK documentation, except where explicitly permitted in this document.

MUST support the media formats, encoders, decoders, file types, and container formats defined in the tables below and reported via MediaCodecList .

MUST also be able to decode all profiles reported in its CamcorderProfile

MUST be able to decode all formats it can encode. This includes all bitstreams that its encoders generate.

Codecs advertising HDR profile support MUST support HDR static metadata parsing and handling.

If a media codec advertises intra refresh support, then it MUST support the refresh periods in the range of 10 - 60 frames and accurately operate within 20% of configured refresh period.

Video codecs MUST support output and input bytebuffer sizes that accommodate the largest feasible compressed and uncompressed frame as dictated by the standard and configuration but also not overallocate.

Video encoders and decoders MUST support YUV420 flexible color format (COLOR_FormatYUV420Flexible).

MUST support dynamic video resolution and frame rate switching through the standard Android APIs within the same stream for all VP8, VP9, H.264, and H.265 codecs in real time and up to the maximum resolution supported by each codec on the device.

Implementations that support the Dolby Vision decoder—

MUST properly display Dolby Vision content on the device screen or on a standard video output port (eg, HDMI).

Implementations that provide a Dolby Vision-capable extractor MUST set the track index of backward-compatible base-layer(s) (if present) to be the same as the combined Dolby Vision layer's track index.

• MUST support High Profile Level 4.2 and the HD 1080p60 decoding profile.
• MUST be capable of decoding videos with both HD profiles as indicated in the following table and encoded with either the Baseline Profile, Main Profile, or the High Profile Level 4.2

In addition, Android Television devices:

• MUST support the HD 720p decoding profile.
• STRONGLY RECOMMENDED to support the HD 1080p decoding profile.
• SHOULD support the UHD decoding profile. If the UHD video decoding profile is supported, it MUST support 8-bit color depth and SHOULD support VP9 Profile 2 (10-bit).

HTTP(S) progressive streaming
All required codecs and container formats in section 5.1 MUST be supported over HTTP(S)

HTTP Live Streaming draft protocol, Version 7
The following media segment formats MUST be supported:

RTSP (RTP, SDP)

The following RTP audio video profile and related codecs MUST be supported. For exceptions please see the table footnotes in section 5.1 .

The device MUST exhibit approximately flat amplitude-versus-frequency characteristics in the mid-frequency range: specifically ±10dB from 100 Hz to 7000 Hz.

The device MUST exhibit amplitude levels in the low frequency range: specifically from ±20 dB from 5 Hz to 100 Hz compared to the mid-frequency range.

The device MUST exhibit amplitude levels in the high frequency range: specifically from ±30 dB from 7000 Hz to 22 KHz compared to the mid-frequency range.

Audio input sensitivity MUST be set such that a 1000 Hz sinusoidal tone source played at 94 dB Sound Pressure Level (SPL) yields a response with RMS of 520 for 16 bit-samples (or -36 dB Full Scale for floating point/double precision samples).

SNR > 60 dB (difference between 94 dB SPL and equivalent SPL of self noise, A-weighted).

Total harmonic distortion MUST be less than 1% for 1 kHZ at 90 dB SPL input level at the microphone.

The only signal processing allowed in the path is a level multiplier to bring the level to desired range. This level multiplier MUST NOT introduce delay or latency to the signal path.

No other signal processing is allowed in the path, such as Automatic Gain Control, High Pass Filter, or Echo Cancellation. If any signal processing is present in the architecture for any reason, it MUST be disabled and effectively introduce zero delay or extra latency to the signal path.

• Device implementations MUST support all adb functions as documented in the Android SDK including dumpsys .
• The device-side adb daemon MUST be inactive by default and there MUST be a user-accessible mechanism to turn on the Android Debug Bridge. If a device implementation omits USB peripheral mode, it MUST implement the Android Debug Bridge via local-area network (such as Ethernet or 802.11).
• Android includes support for secure adb. Secure adb enables adb on known authenticated hosts. Device implementations MUST support secure adb.

• Device implementations MUST support all ddms features as documented in the Android SDK.
• As ddms uses adb, support for ddms SHOULD be inactive by default, but MUST be supported whenever the user has activated the Android Debug Bridge, as above.

• Device implementations MUST support systrace tool as documented in the Android SDK. Systrace must be inactive by default, and there MUST be a user-accessible mechanism to turn on Systrace.
• Most Linux-based systems and Apple Macintosh systems recognize Android devices using the standard Android SDK tools, without additional support; however Microsoft Windows systems typically require a driver for new Android devices. (For instance, new vendor IDs and sometimes new device IDs require custom USB drivers for Windows systems.)
• If a device implementation is unrecognized by the adb tool as provided in the standard Android SDK, device implementers MUST provide Windows drivers allowing developers to connect to the device using the adb protocol. These drivers MUST be provided for Windows XP, Windows Vista, Windows 7, Windows 8, and Windows 10 in both 32-bit and 64-bit versions.

• After making such a location calculation, it is STRONGLY RECOMMENDED for the device to be able to determine its location, in open sky, within 10 seconds, when location requests are restarted, up to an hour after the initial location calculation, even when the subsequent request is made without a data connection, and/or after a power cycle.

• It MUST be able to determine location within 20 meters, and speed within 0.5 meters per second, at least 95% of the time.
• It MUST simultaneously track and report via GnssStatus.Callback at least 8 satellites from one constellation.
• It SHOULD be able to simultaneously track at least 24 satellites, from multiple constellations (eg GPS + at least one of Glonass, Beidou, Galileo).

• It MUST report GPS measurements, as soon as they are found, even if a location calculated from GPS/GNSS is not yet reported.
• It MUST report GPS pseudoranges and pseudorange rates, that, in open-sky conditions after determining the location, while stationary or moving with less than 0.2 meter per second squared of acceleration, are sufficient to calculate position within 20 meters, and speed within 0.2 meters per second, at least 95% of the time.

• MUST have a measurement range between at least -8g and +8g.
• MUST have a measurement resolution of at least 1024 LSB/G.
• MUST have a minimum measurement frequency of 12.5 Hz or lower.
• MUST have a maximum measurement frequency of 400 Hz or higher.
• MUST have a measurement noise not above 400 uG/√Hz.
• MUST implement a non-wake-up form of this sensor with a buffering capability of at least 3000 sensor events.
• MUST have a batching power consumption not worse than 3 mW.
• SHOULD have a stationary noise bias stability of \<15 μg √Hz from 24hr static dataset.
• SHOULD have a bias change vs. temperature of ≤ +/- 1mg / °C.
• SHOULD have a best-fit line non-linearity of ≤ 0.5%, and sensitivity change vs. temperature of ≤ 0.03%/C°.

SENSOR_TYPE_GYROSCOPE

• MUST have a measurement range between at least -1000 and +1000 dps.
• MUST have a measurement resolution of at least 16 LSB/dps.
• MUST have a minimum measurement frequency of 12.5 Hz or lower.
• MUST have a maximum measurement frequency of 400 Hz or higher.
• MUST have a measurement noise not above 0.014°/s/√Hz.
• SHOULD have a stationary bias stability of < 0.0002 °/s √Hz from 24-hour static dataset.
• SHOULD have a bias change vs. temperature of ≤ +/- 0.05 °/ s / °C.
• SHOULD have a sensitivity change vs. temperature of ≤ 0.02% / °C.
• SHOULD have a best-fit line non-linearity of ≤ 0.2%.
• SHOULD have a noise density of ≤ 0.007 °/s/√Hz.

SENSOR_TYPE_GYROSCOPE_UNCALIBRATED with the same quality requirements as SENSOR_TYPE_GYROSCOPE.

• MUST have a measurement range between at least -900 and +900 uT.
• MUST have a measurement resolution of at least 5 LSB/uT.
• MUST have a minimum measurement frequency of 5 Hz or lower.
• MUST have a maximum measurement frequency of 50 Hz or higher.
• MUST have a measurement noise not above 0.5 uT.

• MUST implement a non-wake-up form of this sensor with a buffering capability of at least 600 sensor events.

• MUST have a measurement range between at least 300 and 1100 hPa.
• MUST have a measurement resolution of at least 80 LSB/hPa.
• MUST have a minimum measurement frequency of 1 Hz or lower.
• MUST have a maximum measurement frequency of 10 Hz or higher.
• MUST have a measurement noise not above 2 Pa/√Hz.
• MUST implement a non-wake-up form of this sensor with a buffering capability of at least 300 sensor events.
• MUST have a batching power consumption not worse than 2 mW.

• MUST implement a non-wake-up form of this sensor with a buffering capability of at least 300 sensor events.
• MUST have a batching power consumption not worse than 4 mW.

• MUST have a power consumption not worse than 0.5 mW when device is static and 1.5 mW when device is moving.

• MUST implement a non-wake-up form of this sensor with a buffering capability of at least 100 sensor events.
• MUST have a power consumption not worse than 0.5 mW when device is static and 1.5 mW when device is moving.
• MUST have a batching power consumption not worse than 4 mW.

• MUST have a power consumption not worse than 0.5 mW when device is static and 1.5 mW when device is moving.

• MUST have a power consumption not worse than 0.5 mW when device is static and 1.5 mW when device is moving.

• SENSOR_TYPE_SIGNIFICANT_MOTION
• SENSOR_TYPE_STEP_DETECTOR
• SENSOR_TYPE_STEP_COUNTER
• SENSOR_TILT_DETECTORS

• Even when the screen is not in an active state.
• For Android Television device implementations, even when in standby power states.

• MUST be capable of acting as an NFC Forum reader/writer (as defined by the NFC Forum technical specification NFCForum-TS-DigitalProtocol-1.0) via the following NFC standards:
  • NfcA (ISO14443-3A)
  • NfcB (ISO14443-3B)
  • NfcF (JIS X 6319-4)
  • IsoDep (ISO 14443-4)
  • NFC Forum Tag Types 1, 2, 3, 4 (defined by the NFC Forum)
• STRONGLY RECOMMENDED to be capable of reading and writing NDEF messages as well as raw data via the following NFC standards. Note that while the NFC standards below are stated as STRONGLY RECOMMENDED, the Compatibility Definition for a future version is planned to change these to MUST. These standards are optional in this version but will be required in future versions. Existing and new devices that run this version of Android are very strongly encouraged to meet these requirements now so they will be able to upgrade to the future platform releases.
  • NfcV (ISO 15693)
• SHOULD be capable of reading the barcode and URL (if encoded) of Thinfilm NFC Barcode products.
• MUST be capable of transmitting and receiving data via the following peer-to-peer standards and protocols:
  • ISO 18092
  • LLCP 1.2 (defined by the NFC Forum)
  • SDP 1.0 (defined by the NFC Forum)
  • NDEF Push Protocol
  • SNEP 1.0 (defined by the NFC Forum)
• MUST include support for Android Beam .
• MUST implement the SNEP default server. Valid NDEF messages received by the default SNEP server MUST be dispatched to applications using the android.nfc.ACTION_NDEF_DISCOVERED intent. Disabling Android Beam in settings MUST NOT disable dispatch of incoming NDEF message.
• MUST honor the android.settings.NFCSHARING_SETTINGS intent to show NFC sharing settings .
• MUST implement the NPP server. Messages received by the NPP server MUST be processed the same way as the SNEP default server.
• MUST implement a SNEP client and attempt to send outbound P2P NDEF to the default SNEP server when Android Beam is enabled. If no default SNEP server is found then the client MUST attempt to send to an NPP server.
• MUST allow foreground activities to set the outbound P2P NDEF message using android.nfc.NfcAdapter.setNdefPushMessage, and android.nfc.NfcAdapter.setNdefPushMessageCallback, and android.nfc.NfcAdapter.enableForegroundNdefPush.
• SHOULD use a gesture or on-screen confirmation, such as 'Touch to Beam', before sending outbound P2P NDEF messages.
• SHOULD enable Android Beam by default and MUST be able to send and receive using Android Beam, even when another proprietary NFC P2p mode is turned on.
• MUST support NFC Connection handover to Bluetooth when the device supports Bluetooth Object Push Profile. Device implementations MUST support connection handover to Bluetooth when using android.nfc.NfcAdapter.setBeamPushUris, by implementing the “ Connection Handover version 1.2 ” and “ Bluetooth Secure Simple Pairing Using NFC version 1.0 ” specs from the NFC Forum. Such an implementation MUST implement the handover LLCP service with service name “urn:nfc:sn:handover” for exchanging the handover request/select records over NFC, and it MUST use the Bluetooth Object Push Profile for the actual Bluetooth data transfer. For legacy reasons (to remain compatible with Android 4.1 devices), the implementation SHOULD still accept SNEP GET requests for exchanging the handover request/select records over NFC. However an implementation itself SHOULD NOT send SNEP GET requests for performing connection handover.
• MUST poll for all supported technologies while in NFC discovery mode.
• SHOULD be in NFC discovery mode while the device is awake with the screen active and the lock-screen unlocked.

MUST support all the APIs in the ConnectivityManager class as described in the SDK documentation

MUST provide a user interface in the settings, allowing users to add applications to or remove applications from the allowlist.

MUST return the value RESTRICT_BACKGROUND_STATUS_DISABLED for ConnectivityManager.getRestrictBackgroundStatus()

MUST not broadcast ConnectivityManager.ACTION_RESTRICT_BACKGROUND_CHANGED

MUST have an activity that handles the Settings.ACTION_IGNORE_BACKGROUND_DATA_RESTRICTIONS_SETTINGS intent but MAY implement it as a no-op.

• If the device implementation is capable of being rotated by user (such as automatically via an accelerometer or manually via user input), the camera preview MUST be mirrored horizontally relative to the device's current orientation.
• If the current application has explicitly requested that the Camera display be rotated via a call to the android.hardware.Camera.setDisplayOrientation() method, the camera preview MUST be mirrored horizontally relative to the orientation specified by the application.
• Otherwise, the preview MUST be mirrored along the device's default horizontal axis.

• MUST declare support for the hardware feature android.hardware.usb.accessory .
• MUST implement the USB audio class as documented in the Android SDK documentation.
• The USB mass storage class MUST include the string "android" at the end of the interface description iInterface string of the USB mass storage

• 70 ohm or less : KEYCODE_HEADSETHOOK
• 210-290 Ohm : KEYCODE_VOLUME_UP
• 360-680 Ohm : KEYCODE_VOLUME_DOWN

• 110-180 Ohm: KEYCODE_VOICE_ASSIST

• The microphone's mean power response in the 18.5 kHz to 20 kHz band MUST be no more than 15 dB below the response at 2 kHz.
• The microphone's unweighted signal to noise ratio over 18.5 kHz to 20 kHz for a 19 kHz tone at -26 dBFS MUST be no lower than 50 dB.

• MUST provide a per-component power profile that defines the current consumption value for each hardware component and the approximate battery drain caused by the components over time as documented in the Android Open Source Project site.
• MUST report all power consumption values in milliampere hours (mAh).
• SHOULD be attributed to the hardware component itself if unable to attribute hardware component power usage to an application.
• MUST report CPU power consumption per each process's UID. The Android Open Source Project meets the requirement through the uid_cputime kernel module implementation.

• the user's consent can be obtained before the application uses it
• the runtime permissions are associated with an intent pattern for which the preinstalled application is set as the default handler

• MUST have hardware backed implementations of RSA, AES, ECDSA and HMAC cryptographic algorithms and MD5, SHA1, SHA-2 Family hash functions to properly support the Android Keystore system's supported algorithms .
• MUST perform the lock screen authentication in the secure hardware and only when successful allow the authentication-bound keys to be used. The upstream Android Open Source Project provides the Gatekeeper Hardware Abstraction Layer (HAL) that can be used to satisfy this requirement.

• The entropy of the shortest allowed length of inputs MUST be greater than 10 bits.
• The maximum entropy of all possible inputs MUST be greater than 18 bits.
• MUST not replace any of the existing authentication methods (PIN, pattern, password) implemented and provided in AOSP.
• MUST be disabled when the Device Policy Controller (DPC) application has set the password quality policy via the DevicePolicyManager.setPasswordQuality() method with a more restrictive quality constant than PASSWORD_QUALITY_SOMETHING .

• It MUST have a fall-back mechanism to use one of the primary authentication methods which is based on a known secret and meets the requirements to be treated as a secure lock screen.
• It MUST be disabled and only allow the primary authentication to unlock the screen when the Device Policy Controller (DPC) application has set the policy with either the DevicePolicyManager.setKeyguardDisabledFeatures(KEYGUARD_DISABLE_TRUST_AGENTS) method or the DevicePolicyManager.setPasswordQuality() method with a more restrictive quality constant than PASSWORD_QUALITY_UNSPECIFIED .

• It MUST have a fall-back mechanism to use one of the primary authentication methods which is based on a known secret and meets the requirements to be treated as a secure lock screen.
• It MUST be disabled and only allow the primary authentication to unlock the screen when the Device Policy Controller (DPC) application has set the keguard feature policy by calling the method DevicePolicyManager.setKeyguardDisabledFeatures(KEYGUARD_DISABLE_FINGERPRINT) .
• It MUST have a false acceptance rate that is equal or stronger than what is required for a fingerprint sensor as described in section 7.3.10, or otherwise MUST be disabled and only allow the primary authentication to unlock the screen when the Device Policy Controller (DPC) application has set the password quality policy via the DevicePolicyManager.setPasswordQuality() method with a more restrictive quality constant than PASSWORD_QUALITY_BIOMETRIC_WEAK .

• MUST return false for both the KeyguardManager.isKeyguardSecure() and the KeyguardManager.isDeviceSecure() methods.
• MUST be disabled when the Device Policy Controller (DPC) application has set the password quality policy via the DevicePolicyManager.setPasswordQuality() method with a more restrictive quality constant than PASSWORD_QUALITY_UNSPECIFIED .
• MUST NOT reset the password expiration timers set by DevicePolicyManager.setPasswordExpirationTimeout() .
• MUST NOT authenticate access to keystores if the application has called KeyGenParameterSpec.Builder.setUserAuthenticationRequired(true) ).

• MUST NOT reset the password expiration timers set by DevicePolicyManager.setPasswordExpirationTimeout() .
• MUST NOT authenticate access to keystores if the application has called KeyGenParameterSpec.Builder.setUserAuthenticationRequired(true) .

Device implementations SHOULD provide the user an option to enter Safe Boot Mode from the boot menu which is reachable through a workflow that is different from that of normal boot.

Device implementations MUST provide the user an option to enter Safe Boot Mode in such a way that is uninterruptible from third-party apps installed on the device, except for when the third party app is a Device Policy Controller and has set the UserManager.DISALLOW_SAFE_BOOT flag as true.

Device implementations MUST provide the user the capability to uninstall any third-party apps within Safe Mode.

CDD
Substantive changes to the compatibility requirements.

Docs
Cosmetic or build related changes.