Custom permission with implicit intent

Question

In view of the security model in Android, I'm trying to use custom permissions with a broadcast receiver.

WHAT I'VE DONE :

I have declared a custom permission for the receiver, thereby limiting the broadcasts that it can receive. Some code from manifest:

<permission android:name="abc"/>

<receiver android:name=".UpdateUserReceiver"
        android:permission="abc"
        android:enabled="true"
        android:exported="false">

        <intent-filter>
            <action android:name="android.intent.action.ACTION_UPDATE_USERNAME"/>
            <category android:name="android.intent.category.DEFAULT"/>
        </intent-filter>
</receiver>

Now I expect that receiver UpdateUserReceiver will only receive broadcasts from components which use the permission 'abc'.

Broadcast sending code:

// Update username. Invoke broadcast.
Intent updateUserBroadcast = new Intent();
updateUserBroadcast.putExtra("username", userName);
updateUserBroadcast.setAction("android.intent.action.ACTION_UPDATE_USERNAME");
sendBroadcast(updateUserBroadcast);

Activity which sends broadcast :

<activity android:name=".UpdateUserNameActivity">

        <intent-filter>
            <action android:name="com.intent.action.UPDATE_USERNAME"/>
            <category android:name="android.intent.category.DEFAULT"/>
        </intent-filter>
</activity>

Question 1 : As seen, the activity nowhere uses the permission which the receiver has declared, so that it can receive the broadcast from the activity. But still the receiver is invoked, and I suspect it's due to the use of implicit intents though I'm not sure. Any ideas?

Question 2 : What's the difference between the permission tag declared at app level, and android:permission tag inside the receiver? I understand the use of 2nd one, which enforces a permission before anyone can expect the receiver to receive the broadcast, but then why's the first one required. Is it needed for this scenario, or can it be removed. Either way, I have checked that the receiver receives the broadcast.

Answer 1

Answer 1:
the <uses-permission> tag in <manifest> requests a permission for all component in this application, you don't need to request a permission for a single activity. And The application declares the custom permission use <permission> will automaticall holds it, no necessary to request it again.
I guess your activity and the receiver are in the same application.
"implicit intents" can not break the "permission rule".

Answer 2:
the <permission> in <application> will set a permission that applies to all of the application's components.
check here: http://developer.android.com/guide/topics/manifest/application-element.html#prmsn

Answer 2

But still the receiver is invoked, and I suspect it's due to the use of implicit intents though I'm not sure

No.

Any ideas?

They are both in the same app ("because here my activity and receiver are in the same application"). Permissions are applied between apps, as part of inter-process communication (IPC), not within an app.

What's the difference between the permission tag declared at app level, and android:permission tag inside the receiver?

<permission> defines the permission. android:permission applies the permission. To draw a Java analogy, <permission> defines a field, android:permission uses the field.

Answer 3

Ok got your point. you might be sending the broadcast from the same application. Have you tried sending the broadcast from different app? Look at this code. There is a PID check if calling PID is same app then permission will be granted by default. Hence your receiver is getting executed with out any problem. http://androidxref.com/4.4.4_r1/xref/frameworks/base/core/java/android/app/ActivityManager.java#2109