Question

Well... I don't know if trying to do this makes sense in the Android architecture or if it is even possible.

I accept 3rd party Apps calling my App through a BroadcastReceiver with a custom intent-filter. So, I ask 3rd party Apps to send me their package name so that I am able to send them, through sendBroadcast, callbacks about the status of the work delegated to me.

Now, I want to make my own 3rd party App that connects with my core App and I'm worried that some special callbacks will be sent and captured only by my 3rd party App.

So, if an "unauthorized" 3rd party listens for the intent filter that I send, it will catch my Broadcast.

Currently, when I receive the Broadcast from my own 3rd party App, I check the package name and check whether this package is installed, to try to prevent an unauthorized fake from identifying itself as my own 3rd party App. But if the user has both my 3rd party App and the unauthorized one installed, this "protection" will fail.

I read a bit about setting custom permissions, but I don't know if they will fit my scenario.

Could you give me some advice?

Thanks a lot.

Solution

PendingIntent has an interesting property: not only does it bundle up an Intent and the operation to be performed upon it, but it also effectively bundles up the security context in which that operation is performed.

In other words, it can be used to allow a foreign process to talk to one of your components, even if that component is not exported.

We see this a lot in standard uses of PendingIntent, such as AlarmManager or Notification. We usually use an explicit Intent inside the PendingIntent (e.g., new Intent(this, MyOtherComponent.class)). And usually those components do not have an <intent-filter> or are otherwise exported in our manifest. Yet, they work. That's because while the OS process that manages alarms and/or notifications does not have the right to talk to our component normally, it can execute the PendingIntent, and the PendingIntent is our way of saying "yes, you can talk to this component, but only for whatever this PendingIntent does, not arbitrary stuff".

So, if one app wants to set up a callback mechanism with another app, a slick approach is to use a PendingIntent. The first app's component (e.g., BroadcastReceiver) does not have to be exported, let alone have an <intent-filter>. Yet, the second app can trigger that component via the PendingIntent. Since a PendingIntent is Parcelable, it can be packaged easily enough as an extra on some other Intent, passed via an AIDL-defined interface for a bound service, or otherwise traverse process boundaries.
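The callback flow described in this answer, as an added example that is not part of the original answer: the client app hands the core app a PendingIntent for its non-exported receiver, and the core app checks the system-recorded creator package before sending status through it. The package names, the action string, the extra keys and the class names are hypothetical, and API level 31+ is assumed for FLAG_MUTABLE.

```java
import android.app.PendingIntent;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;

// ---- Client app: StatusReceiver.java ----
// Manifest entry: android:exported="false" and no <intent-filter>.
public class StatusReceiver extends BroadcastReceiver {
    @Override
    public void onReceive(Context context, Intent intent) {
        // Only reachable through the PendingIntent created below.
        String status = intent.getStringExtra("status");
        // ... update UI or state with the status ...
    }
}

// ---- Client app: code that delegates work to the core app ----
public class ClientRequest {
    public static void requestWork(Context context) {
        // Explicit Intent: the callback can only ever be delivered to StatusReceiver.
        Intent callback = new Intent(context, StatusReceiver.class);
        // FLAG_MUTABLE lets the core app add the "status" extra when it sends.
        PendingIntent pi = PendingIntent.getBroadcast(context, 0, callback,
                PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_MUTABLE);
        Intent request = new Intent("com.example.core.action.DO_WORK"); // hypothetical
        request.setPackage("com.example.core");                         // hypothetical
        request.putExtra("callback", pi);
        context.sendBroadcast(request);
    }
}

// ---- Core app: WorkRequestReceiver.java ----
public class WorkRequestReceiver extends BroadcastReceiver {
    private static final String TRUSTED_CLIENT = "com.example.myclient"; // hypothetical

    @Override
    public void onReceive(Context context, Intent intent) {
        PendingIntent callback = intent.getParcelableExtra("callback");
        if (callback == null) return;
        // The creator package is recorded by the system when the PendingIntent
        // is built, so it is not a caller-supplied string that can be faked.
        boolean trusted = TRUSTED_CLIENT.equals(callback.getCreatorPackage());
        Intent status = new Intent().putExtra("status", trusted ? "SPECIAL" : "STARTED");
        try {
            callback.send(context, 0, status); // goes only to the creator's receiver
        } catch (PendingIntent.CanceledException e) {
            // The client cancelled the PendingIntent; drop the callback.
        }
    }
}
```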

OTHER TIPS

If you use a custom permission with security level "signature", then only the apps which are signed with the same key will be able to send broadcasts to your receiver. If that solves your problem, you're fine.

http://developer.android.com/guide/topics/manifest/permission-element.html#plevel

"signature" - A permission that the system grants only if the requesting application is signed with the same certificate as the application that declared the permission. If the certificates match, the system automatically grants the permission without notifying the user or asking for the user's explicit approval.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow