Menu
How can we ensure that certain applications are not able to access my data stored in content provider where in certain other applications can access that? Basically I need to allow some application of my interest to access my data stored in Content Provider but I do not want all the applications to be able to access that data. How can I achieve this?
Thanks.
602
After creating the content provider , specify the content provider in the manifest file. You can mention content provider using the tag. Inside the provider tag dont forget to mention the name and authorities attributes. This declaration should be ..
Apps won't be able to access other apps' data from May 5, according to Google's new policy. Many users may not be aware that any single app on your smartphone can see every other app that you have installed on your device.
When you want to access data in a content provider, you use the ContentResolver object in your application's Context to communicate with the provider as a client. The ContentResolver object communicates with the provider object, an instance of a class that implements ContentProvider .
Side channels allow apps to access protected data without permission; covert channels are used when two apps communicate—one sharing protected data that has been given with permission to another that is lacking those permissions. This data could include MAC addresses, the phone's IMEI, and more.
The easiest way is to protect the content provider with a permission you define. Make it a signature a permission so only apps signed with your certificate are allowed to get it.
See:
http://developer.android.com/guide/topics/security/security.html
http://developer.android.com/reference/android/R.styleable.html#AndroidManifestProvider
http://developer.android.com/guide/topics/manifest/provider-element.html
If doing this based on certificates is not sufficient, you will need to write the permission checks yourself. This is done by calling Binder.getCallingUid() for incoming calls to your applications, and deciding whether the given uid has permission to access your provider. Actually implementing a different policy that is actually secure requires a lot of careful thought and design, though.
192
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
