With the launch of Android 9 Pie on Monday also came the release of its source code. Inside that code is new documentation on an interesting feature that allows for the modification of basic Android UI. This system, called SystemUI Plugins, will help in the design process of future releases of Android.
Introduced with Oreo, but now publicly documented with Pie, these plugins install as APKs and allow developers to fundamentally change the look and feel of the Android user interface. Some aspects available to be changed include Quick Settings, lock screen buttons, and the nav bar. In the early stages of the development of Android Pie’s new Gesture Navigation, SystemUI Plugins powered the feature.
Normally, to change these pieces, developers had to rebuild Android with every change. This was obviously an annoyance, especially when trying to make fine-grained changes. With SystemUI Plugins, these common design iterations can now take minutes instead of hours.
Now, this kind of modification of SystemUI could lead to a variety of subtle exploits that may not be visible to the user. Google is aware of this and has put two major security measures in place.
Whenever loading a code from another APK into a privileged process like SysUI, there are serious security concerns to be addressed. To handle this, plugins have a couple lines of defense to ensure these don’t create any security holes.
First, plugins will not load unless the Android installation is debuggable, which should rule out the overwhelming majority of Android users from activating SystemUI Plugins. For those who do build and debug Android, the “second line of defense” is that plugins have to be signed with the same key used to sign your Android build. This means that, so long as you’re not sharing keys, only you can create and use plugins on your device.
If that’s the case, who are these tools designed for? Google clearly primarily intended this for its own internal use, but it’s also possible it could one day be used by OEMs to add their own personal flair to stock Android. It seems, based on this documentation, that independent ROM developers may also be able to use SystemUI Plugins to speed up development of their own UI customizations.
These APIs, in their current state, are far too powerful to put in the hands of third-party developers. Perhaps with some iteration, these could become legitimate ways to introduce Substratum-like UI changes that users have long desired. For now, though, it looks like this primarily an internal tool.