Define compatible Android API versions

[mtrezza]

New Feature / Enhancement Checklist

• [x] I am not disclosing a vulnerability.
• [x] I am not just asking a question.
• [x] I have searched through existing issues.

Current Limitation

There are no rules for:

• how long Android API versions should be supported
• which Android version should be targeted

Feature / Enhancement Description

Define rules for how to increment:

• minSdkVersion
• targetSdkVersion

The minSdkVersion rule could be informed by which is the lowest Android version that received security patches. An Android platform that is out-of-support would likely not need to be supported by the Parse Android SDK.

Also evaluate whether it is possible - or makes sense - to test the SDK in different Android versions, similar to how we test Parse Server for different Node versions.

Example Use Case

n/a

Alternatives / Workarounds

n/a

[parse-github-assistant[bot]]

Thanks for opening this issue!

• 🎉 We are excited about your ideas for improvement!

[azlekov]

@mtrezza let me start the discussion here.

Current Parse Android SDK in the latest version was bumped to API version 16. This will cover 99.8% of all current active devices around the world. API version 16 is a very old one - from 2012. This SDK uses heavily a OkHttp library which is used to consume the REST apis. On their dev page they said:

OkHttp works on Android 5.0+ (API level 21+) and Java 8+.

And later there explain that:

The OkHttp 3.12.x branch supports Android 2.3+ (API level 9+) and Java 7+. These platforms lack support for TLS 1.2 and should not be used. But because upgrading is difficult, we will backport critical fixes to the 3.12.x branch through December 31, 2021.

I strongly suggest to freeze the min version to 21 as this is one of the first very stable Android versions with many security, SSL and other fixes. I suggest also to freeze the min to 21 and don't touch it unless some external library or something requires it. Then another discussion can be started. About the target version is good practice and it will cause no issues to target the latest version and update it from time to time. Notice that, API version 21 is released end of 2014 so the SDK will support devices that are 7-8 years old.

I also strongly suggest to if it's decided to rise the min API version to 21 to update the OkHttp library to the latest version and to have support for newer and safer TLS.

After all notice that all the older devices can use the older versions of the Parse Android SDK which used to be stable.

@mobilekosmos did great job there #1103 and you should consider the above.

[azlekov]

Actually @mtrezza we can think about a approach like this:

Freezing now:

minSdkVersion: 21 targetSdkVersion: 30 or 31

And on each next version once a year to increase both min and target version. Again notice that older version of the Android Parse SDK will remains and can be used. There's option to provide patch versions in some corner cases for an older Parse SDK versions.

[mtrezza]

Sounds good to me.

Can we define a rule, so we don't need a discussion about every API increment?

• targetSdkVersion --> always use latest one
• minSdkVersion --> bump to API 21 and increment as high as possible, but cover at least 95% of devices?

There's option to provide patch versions in some corner cases for an older Parse SDK versions.

We are currently experimenting with LTS on Parse Server for 4.x releases. From what I can tell so far, LTS can become resource consuming especially as branches increasingly divert over time. We can definitely try that here as well once this repo is on the new branch model.

[azlekov]

Sounds good to me, what about this slight adjustment - 95% and at least 5 years old release?

[azlekov]

We are currently experimenting with LTS on Parse Server for 4.x releases. From what I can tell so far, LTS can become resource consuming especially as branches increasingly divert over time. We can definitely try that here as well once this repo is on the new branch model.

On Android I'm pretty sure supported TLS versions are fixed to API versions. There will be no need to do crazy branching here.

[azlekov]

API version 29 added support for TLS v1.3. TLS v.1.2 from API version 21. This means that the Parse Android SDK can support both as it will target 31 and have min 21. So updating the OkHttp frequently will be sufficient.

[mobilekosmos]

Just know that sticking with API 21 avoids to improve the code base and removing of old code needed only on old versions.

[azlekov]

This can be closed. API bump strategy was defined in CONTRIBUTION.md and supported version into the README.md