Menu
I am trying to decide the best approach to expose encrypted content stored on phone to 3rd party apps. The content is sensitive and needs to be protected so only certain apps can access this. The approaches I'm investigating are IPC and Content Provider. Below is what I believe to be some of the pro's and con's of both for my situation.
IPC - Pro's
IPC - Con's
More complicated to implement than Content Provider
Would have to write own way of securing access to content.
Content Provider - Pro's
Easy to implement
Easy to secure access by making provider definition permission: protectionLevel=signature
Content Provider - Con's
To secure access, the Content Provider's key signature must be shared with 3rd party app which isn't ideal.
Limited flexibility in results types returned. Content Provider returns only a Cursor object for the columns that were queried.
Is there any major differences on performance and battery?
Can either execute asynchronously?
Any other comments/suggestions to the list?
372
A content provider manages access to a central repository of data. A provider is part of an Android application, which often provides its own UI for working with the data. However, content providers are primarily intended to be used by other applications, which access the provider using a provider client object.
A content provider component supplies data from one application to others on request. Such requests are handled by the methods of the ContentResolver class. A content provider can use different ways to store its data and the data can be stored in a database, in files, or even over a network.
You can implement as many as you want, as you can see from the documentation here. To register a content provider, you need to add its corresponding <provider> tag in the Android Manifest. In most cases, however, you won't need multiple content providers. One is usually enough, as it can handle multiple tables.
The ContentProvider instance manages access to a structured set of data by handling requests from other applications. All forms of access eventually call ContentResolver , which then calls a concrete method of ContentProvider to get access.
Easy to secure access by making provider definition permission: protectionLevel=signature
That only works if you are the only firm using the content provider.
To secure access, the Content Provider's key signature must be shared with 3rd party app which isn't ideal.
I would describe this more as "may meet the medical definition of 'insanity'". Your third parties will be able to modify your "secure" data, forge applications as having been published by you, leak your signing key to malware authors, etc.
Content Provider returns only a Cursor object for the columns that were queried.
You can use the file-based content provider API in addition to, or instead of, the Cursor-based content provider API. See methods like openInputStream() on ContentResolver.
Is there any major differences on performance and battery?
Not especially.
Can either execute asynchronously?
Both can, though personally I find it a bit easier with services.
Any other comments/suggestions to the list?
Permissions work equally well with services and content providers, but I wish to re-emphasize that you should never be sharing your signing key with third parties, except perhaps at gunpoint.
73
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
