The evolution by API level

Before Android 6 (API 23), storage permissions were granted at install time. From API 23 onward, READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE became runtime permissions the user approves at first use.

Android 10 (API 29) introduced scoped storage, sandboxing each app to its own directory and the shared media collections via MediaStore; broad filesystem access was deprecated. Android 11 (API 30) enforced scoped storage and added MANAGE_EXTERNAL_STORAGE ("All files access") for the narrow set of apps Google permits, such as file managers. Android 13 (API 33) replaced the single read permission with granular READ_MEDIA_IMAGES, READ_MEDIA_VIDEO, and READ_MEDIA_AUDIO. Android 14 (API 34) added READ_MEDIA_VISUAL_USER_SELECTED for partial, user-picked photo access.

Scoped storage and how you delete now

Under scoped storage an app freely reads and writes its own getExternalFilesDir() sandbox without any permission, but shared media is reached through MediaStore and the ContentResolver. To modify or delete media another app created, you request user consent through MediaStore.createDeleteRequest() (or write/trash requests), which shows a system confirmation dialog.

Google's recommended path for simply reading user photos is the Photo Picker, which returns selected items with no storage permission at all. Apps that need to enumerate and remove many files, like cleaners, still rely on MediaStore plus delete-request consent dialogs rather than raw filesystem access.

Why it matters for a cleaner

These changes explain why Cleanor's behavior is not identical on every phone. On newer Android versions it asks for granular media permissions and routes every deletion through a system confirmation, so removing duplicates may involve a consent prompt; on older versions a single legacy permission could cover more at once. The trade-off is more privacy and safety in exchange for an extra tap, and the app adapts its flow to whatever the device's API level allows.