Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Get rid of "Exported service does not require permission" warning

I'm looking for a solution to get rid of the warning. I don't understand even why it appears. I took a look at a SDK example where no warning appears.

At first here is my manifest where I get the warning Exported service does not require permission:

<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.android"
    android:versionCode="1"
    android:versionName="1.0" >

    <uses-sdk android:minSdkVersion="8"
              android:targetSdkVersion="15" />

    <uses-feature android:name="android.hardware.camera"
                  android:required="true" />

    <uses-permission android:name="android.permission.GET_ACCOUNTS" />
    <uses-permission android:name="android.permission.USE_CREDENTIALS" />
    <uses-permission android:name="android.permission.MANAGE_ACCOUNTS" />
    <uses-permission android:name="android.permission.AUTHENTICATE_ACCOUNTS" />
    <uses-permission android:name="android.permission.READ_SYNC_SETTINGS" />
    <uses-permission android:name="android.permission.WRITE_SYNC_SETTINGS" />

    <application
        android:icon="@drawable/ic_launcher"
        android:label="@string/app_name"
        android:theme="@style/Theme.Sherlock">
        <service
            android:name=".AuthenticationService"
            android:exported="true">
            <intent-filter>
                <action
                    android:name="android.accounts.AccountAuthenticator" />
            </intent-filter>
            <meta-data
                android:name="android.accounts.AccountAuthenticator"
                android:resource="@xml/authenticator" />
        </service>

        <activity
            android:name=".Test"
            android:label="@string/app_name" >
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.DEFAULT" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>
...

While the SampleSyncAdapter of the Android SDK has this manifest:

<?xml version="1.0" encoding="utf-8"?>
<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.android.samplesync"
    android:versionCode="1"
    android:versionName="1.0">
    <uses-permission android:name="android.permission.GET_ACCOUNTS" />
    <uses-permission android:name="android.permission.USE_CREDENTIALS" />
    <!-- ... -->

    <uses-sdk android:minSdkVersion="8" android:targetSdkVersion="15" />

    <application
        android:icon="@drawable/icon"
        android:label="@string/label">
        <!-- The authenticator service -->
        <service
            android:name=".authenticator.AuthenticationService"
            android:exported="true">
            <intent-filter>
                <action
                    android:name="android.accounts.AccountAuthenticator" />
            </intent-filter>
            <meta-data
                android:name="android.accounts.AccountAuthenticator"
                android:resource="@xml/authenticator" />
        </service>
    ...

But there is no warning. Why the hell do I get a warning? Well I use the Theme.Sherlock theme for the usage of the ActionBarSherlock. But I cannot imagine that this causes the error.

like image 487
rekire Avatar asked Jul 19 '12 09:07

rekire


3 Answers

The warning is telling you that you have exported (ie: made publicly available) a service without securing it with a permission. This makes your service available to any other applications without restrictions. See Exported service does not require permission: what does it mean?

If your service doesn't need to be available to other applications, you don't need to export it. Explicitly setting android:exported="false" will remove the warning.

Note: The default value for android:exported is true if you have provided an Intent filter.

like image 164
David Wasser Avatar answered Nov 17 '22 20:11

David Wasser


You need to add a permission requirement for your service. The one you need is android.permission.ACCOUNT_MANAGER. Your authenticator is only accessed through the manager.

like image 32
Paul de Vrieze Avatar answered Nov 17 '22 20:11

Paul de Vrieze


Regarding this issue, there is already a bug created in Android project about this warning using "Sync Adapter": https://code.google.com/p/android/issues/detail?id=37280 but it's still an Open bug.

like image 1
Juan Saravia Avatar answered Nov 17 '22 22:11

Juan Saravia