We use Bluetooth Low Energy L2CAP Channels (introduced in Android API Level 29) to transfer data to our BLE devices. Recently we've got reports that it's not working on this devices:
- Oppo Find X2 Pro, API Level 31 (Android 12)
- Sony Xperia 1 III, API Level 31 (Android 12)
It turned out that when calling BluetoothSocket.connect() on the BluetoothSocket returned by createInsecureL2capChannel() these certain devices throw
java.lang.SecurityException: UID 10391 / PID 18566 lacks permission android.permission.BLUETOOTH
Declaring android.permission.BLUETOOTH in the manifest solves the problem.
But the documentation clearly says that only Manifest.permission.BLUETOOTH_CONNECT
should be needed. And this expected behaviour could also be derived from the fact that in all other BLE scenarios android.permission.BLUETOOTH is never needed for API Level >= 31.
Is this a bug in the vendor-specific implementation of the Bluetooth stack? Are more devices/vendors are affected of this bug?