CDD: SD card encryption required for the primary external storage
Section: 9.5. Multi-User Support
The CDD language made sense until Android 4.3, where the only
"external storage APIs" were for the primary external storage.
However with Android 4.4 the definition of external storage APIs
became ambiguous as apps gained write access to app-specific
directories on secondary external storage devices.
The AOSP implementation of these APIs offers write access to the
secondary external storage only to the owner user, so it is worth
it to clarify that the encryption of the removable storage media
for Multi-User support is only required if the removable storage media
is used as the primary external (a.k.a. application shared) storage.
Bug: 22699648
Change-Id: Ie8568272eec05392998bcfe398e82ae9347fcb9c
diff --git a/src/compatibility/6.0/android-6.0-cdd.html b/src/compatibility/6.0/android-6.0-cdd.html
index ff17a2c..4dcd6c0 100644
--- a/src/compatibility/6.0/android-6.0-cdd.html
+++ b/src/compatibility/6.0/android-6.0-cdd.html
@@ -4884,8 +4884,8 @@
list, read, or write to data owned by any other user. Note that removable
media, such as SD card slots, can allow one user to access another’s data by
means of a host PC. For this reason, device implementations that use removable
-media for the external storage APIs MUST encrypt the contents of the SD card if
-multiuser is enabled using a key stored only on non-removable media accessible
+media for the primary external storage APIs MUST encrypt the contents of the SD
+card if multiuser is enabled using a key stored only on non-removable media accessible
only to the system. As this will make the media unreadable by a host PC, device
implementations will be required to switch to MTP or a similar system to
provide host PCs with access to the current user’s data. Accordingly, device
