I'm looking for a solution to get rid of the warning. I don't understand even why it appears. I took a look at a SDK example where no warning appears.
At first here is my manifest where I get the warning Exported service does not require permission:
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.example.android"
android:versionCode="1"
android:versionName="1.0" >
<uses-sdk android:minSdkVersion="8"
android:targetSdkVersion="15" />
<uses-feature android:name="android.hardware.camera"
android:required="true" />
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="android.permission.USE_CREDENTIALS" />
<uses-permission android:name="android.permission.MANAGE_ACCOUNTS" />
<uses-permission android:name="android.permission.AUTHENTICATE_ACCOUNTS" />
<uses-permission android:name="android.permission.READ_SYNC_SETTINGS" />
<uses-permission android:name="android.permission.WRITE_SYNC_SETTINGS" />
<application
android:icon="@drawable/ic_launcher"
android:label="@string/app_name"
android:theme="@style/Theme.Sherlock">
<service
android:name=".AuthenticationService"
android:exported="true">
<intent-filter>
<action
android:name="android.accounts.AccountAuthenticator" />
</intent-filter>
<meta-data
android:name="android.accounts.AccountAuthenticator"
android:resource="@xml/authenticator" />
</service>
<activity
android:name=".Test"
android:label="@string/app_name" >
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
...
While the SampleSyncAdapter of the Android SDK has this manifest:
<?xml version="1.0" encoding="utf-8"?>
<manifest
xmlns:android="http://schemas.android.com/apk/res/android"
package="com.example.android.samplesync"
android:versionCode="1"
android:versionName="1.0">
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="android.permission.USE_CREDENTIALS" />
<!-- ... -->
<uses-sdk android:minSdkVersion="8" android:targetSdkVersion="15" />
<application
android:icon="@drawable/icon"
android:label="@string/label">
<!-- The authenticator service -->
<service
android:name=".authenticator.AuthenticationService"
android:exported="true">
<intent-filter>
<action
android:name="android.accounts.AccountAuthenticator" />
</intent-filter>
<meta-data
android:name="android.accounts.AccountAuthenticator"
android:resource="@xml/authenticator" />
</service>
...
But there is no warning. Why the hell do I get a warning? Well I use the Theme.Sherlock theme for the usage of the ActionBarSherlock. But I cannot imagine that this causes the error.
The warning is telling you that you have exported (ie: made publicly available) a service without securing it with a permission. This makes your service available to any other applications without restrictions. See Exported service does not require permission: what does it mean?
If your service doesn't need to be available to other applications, you don't need to export it. Explicitly setting android:exported="false"
will remove the warning.
Note: The default value for android:exported
is true
if you have provided an Intent filter.
You need to add a permission requirement for your service. The one you need is android.permission.ACCOUNT_MANAGER
. Your authenticator is only accessed through the manager.
Regarding this issue, there is already a bug created in Android project about this warning using "Sync Adapter": https://code.google.com/p/android/issues/detail?id=37280 but it's still an Open bug.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With