
How to restrict Android Intents or add security

I have added an intent filter to an activity in my application so that other apps can access certain data (from the cloud) via my app. However, some users may have privacy concerns and may not be too happy at their data being used. However, other apps can plug in to mine, to back up their settings etc to the cloud.

Now, I need some kind of security mechanism to restrict which apps can access mine so that I can disallow malicious apps etc. While it is impossible to identify a malicious app, I would like some kind of access control by allowing only certain 'trusted' packagenames. However I cannot find how to do that.

The other option is to add a permission requirement, but this can be overlooked by more users. While that would be the user's fault (and it would be my fault if I do not add the permission), recently apps have taken a lot of flak for exposing user content.

The third option is to prompt the user each time some app accesses mine. However I do not have the packagename so I cannot tell where the intent came from. Also, my app automates certain transfers from the cloud, so the user may 'set and forget' the intent.

I am relying on just intents to transfer some commands between two different applications. I see that I will have to implement safeguards myself, but I do not want to re-invent the wheel if Google already has some flows in place. If not, I will have to implement my own authentication flow or something like that.

EDIT: I'm a noob so I use terms too loosely. Tried to make the question better.

A bit more about the app. It automates downloads/uploads from/to a cloud service. By sending an intent, another app can specify a file to be downloaded or uploaded. I don't want this to happen without the user knowing, so I would prompt him when the intent comes in and I accept the data. But also, the application can set up recurring transfers. While the user has now been prompted twice (once on permissions, and once when the intent comes in) he has no right to complain. But is this acceptable practice or do I need to safeguard it more somehow?

thedesolatesoul asked Sep 23 '12 19:09


2 Answers

I think you should look at the functions Binder.getCallingUid to get the UID of the calling process (and then its packageName) or Binder.getCallingPid to get the PID of the calling process and from this PID discover the packageName of the calling process. Be careful: several packages can use the same UID (only if they are signed with the same certificate) and several packages can share one process (but they should also have the same UID).

Yury answered Oct 19 '22 14:10
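
As an added example (not part of Yury's answer or of the original page), here is one way to apply the Binder.getCallingUid approach in a bound service: map the UID to its packages and accept the call only if each package is allowlisted and signed with a pinned certificate. The class name CallerAllowlist, the package com.example.trustedbackup and the all-zero digest are hypothetical placeholders.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;

/** Hypothetical helper: caller packages, each pinned to a signing-certificate digest. */
public final class CallerAllowlist {
    // Constructed sample entry: package name -> SHA-256 of its signing certificate.
    private static final Map<String, byte[]> TRUSTED = new HashMap<>();
    static {
        TRUSTED.put("com.example.trustedbackup", new byte[32]); // placeholder digest
    }

    private CallerAllowlist() {}

    /**
     * Pass Binder.getCallingUid(), read inside an incoming Binder transaction
     * (for example an AIDL method). Outside a transaction that call returns
     * your own UID, so it does not identify who started an activity.
     */
    public static boolean isTrusted(Context ctx, int callingUid) {
        PackageManager pm = ctx.getPackageManager();
        String[] packages = pm.getPackagesForUid(callingUid);
        if (packages == null || packages.length == 0) return false;
        // Several packages can share one UID and the UID cannot tell which one
        // called, so fail closed unless every one of them is allowlisted.
        for (String pkg : packages) {
            byte[] expected = TRUSTED.get(pkg);
            if (expected == null || !signedWith(pm, pkg, expected)) return false;
        }
        return true;
    }

    private static boolean signedWith(PackageManager pm, String pkg, byte[] expected) {
        try {
            // GET_SIGNATURES is deprecated from API 28; GET_SIGNING_CERTIFICATES replaces it.
            PackageInfo info = pm.getPackageInfo(pkg, PackageManager.GET_SIGNATURES);
            if (info.signatures == null || info.signatures.length != 1) return false;
            byte[] actual = MessageDigest.getInstance("SHA-256")
                    .digest(info.signatures[0].toByteArray());
            return MessageDigest.isEqual(actual, expected);
        } catch (PackageManager.NameNotFoundException | NoSuchAlgorithmException e) {
            return false; // unknown package or missing digest: reject
        }
    }
}
```

Pinning the certificate matters because a package name alone can be claimed by any app when the genuine one is not installed.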


> I have added an intent filter in my app

No, you have not. You have added an <intent-filter> to an <activity>, or a <service>, or a <provider>, but not to an <application>.

> Now, I need some kind of security mechanism to restrict which apps can access mine so that I can disallow malicious apps etc.

How, precisely, do you intend to identify a "malicious app"?

> My preferred option would be that I can enable intents from certain 'trusted providers' by filtering the intent with package name. However I cannot find how to do that.

That is not supported.

> The other option is to add a permission requirement, but this can be overlooked by more users.

If a user "overlooks" a permission requirement, they have no grounds for complaint regarding "privacy concerns".

> However I do not have the packagename so I cannot tell where the intent came from.

In some cases, Yury's recommendation will work.

> What are my options for security when it comes to intents

There is no such concept in Android. Intents do not have "security", any more than integers have "security". Activities, services, and broadcast receivers represent your code, and your code can implement security measures to protect said code.

> or is this the wrong method for IPC?

Since you have not indicated what you are doing for IPC (other than it involves Intent objects, apparently), it is impossible to answer this question.

CommonsWare answered Oct 19 '22 14:10