
Android permission to limit INSTALL_REFERRER to play store

I'm setting up campaign tracking using custom analytics (not Google Analytics) and setting up a receiver for that. My receiver seems to be working, but when I install I get an Android lint warning:

ExportedReceiver: Receiver does not require permission

It looks like any old Android app could call my application with the com.android.vending.INSTALL_REFERRER intent, which I do not want. It should only be the Google Play Store (or any other Android system application that would install my app from the Play Store) sending that intent to my application.

So I've tried to figure out how to set up a permission that limits the valid applications to the Play Store, but I can't figure out the correct way to set up the permission according to the documentation:

https://developer.android.com/guide/topics/manifest/permission-element.html

Could someone help me set up a permission that limits the applications my application will accept this intent from to the Play Store? Here's my current receiver config:

    <receiver
            android:name=".referrals.MyCampaignTrackingReceiver"
            android:enabled="true"
            android:exported="true">
        <intent-filter>
            <action android:name="com.android.vending.INSTALL_REFERRER"/>
        </intent-filter>
    </receiver>

I tried setting a permission for the receiver at the normal level, but that prevented the app from receiving the intent from the Play Store.

CorayThan asked Feb 07 '17 00:02


1 Answer

You need to set the android:permission attribute on your receiver, so that it will look something like this:

    <receiver
            android:name=".referrals.MyCampaignTrackingReceiver"
            android:enabled="true"
            android:exported="true"
            android:permission="android.permission.CLEAR_APP_CACHE">
        <intent-filter>
            <action android:name="com.android.vending.INSTALL_REFERRER"/>
        </intent-filter>
    </receiver>

Usage of "android.permission.CLEAR_APP_CACHE" here is arbitrary; you can use any permission that Play Store has AND that is not possible for third-party apps to have (because CLEAR_APP_CACHE's protection level is system|signature: only system apps or apps signed with the same certificate as the application that declared this permission; in this case, the platform). For example, looking through Play Store's manifest suggests "com.android.vending.permission.C2D_MESSAGE" could be another good candidate.

Hope this helps.

ozbek answered Nov 15 '22 03:11
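
An added example (not part of the question or answer above, and not code from Android's lint tooling): a small Python audit in the spirit of the ExportedReceiver warning, run over the question's receiver and the answer's. The package name `com.example.app` and the function name `unprotected_receivers` are assumptions; the check only confirms that a permission is set, not that its protection level keeps third-party apps from holding it.

```python
import xml.etree.ElementTree as ET

# Namespace prefix for android:* attributes as ElementTree expands them.
A = "{http://schemas.android.com/apk/res/android}"

def unprotected_receivers(manifest_xml, action="com.android.vending.INSTALL_REFERRER"):
    """Return names of <receiver> elements that accept `action` from any app."""
    app = ET.fromstring(manifest_xml).find("application")
    if app is None:
        return []
    # A permission on <application> applies to components that set none of their own.
    app_perm = app.get(A + "permission")
    findings = []
    for rcv in app.findall("receiver"):
        actions = {a.get(A + "name") for a in rcv.findall("intent-filter/action")}
        if action not in actions:
            continue
        if rcv.get(A + "enabled", "true") == "false":
            continue  # a disabled receiver is never invoked
        # With an intent filter and no explicit android:exported, the
        # historical platform default is exported, so treat it that way.
        exported = rcv.get(A + "exported", "true") == "true"
        if exported and not (rcv.get(A + "permission") or app_perm):
            findings.append(rcv.get(A + "name"))
    return findings

# Constructed sample manifest wrapping the receiver from this page;
# the package name is a placeholder.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.app">
  <application>
    <receiver android:name=".referrals.MyCampaignTrackingReceiver"
              android:enabled="true" android:exported="true"{perm}>
      <intent-filter>
        <action android:name="com.android.vending.INSTALL_REFERRER"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

QUESTION = MANIFEST.format(perm="")
ANSWER = MANIFEST.format(perm=' android:permission="android.permission.CLEAR_APP_CACHE"')

if __name__ == "__main__":
    print("question:", unprotected_receivers(QUESTION))
    print("answer:  ", unprotected_receivers(ANSWER))
```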