I am working on the security aspects of my android application.
I would like to know about the ways to secure the Intent data and extras while sending it from one application to another so that no other application other than these two can snoop it.
One of the brute-force approaches would be to use android's encryption-decryption to encode intent data, is there a better way to achieve the same ??
Thanks in advance.
As pointed in the other answers, although you can send an intent to a fully qualified activity, nothing prevents someone from creating an application with the same package.
You might want to add an additional security step to this scheme:
First send a 'Challenge' intent to the remote activity (it should, for example, encrypt a random string you provided using a shared passphrase and send it back to you).
If that first security step is ok, you may freely send unencrypted messages to this remote app by using its fully qualified activity.
This is rather lame security, but perhaps it's sufficient for your needs.
Please take a look at CommonsWare's comment below.
A more secure way might be to code your activity as a Bound Service, keeping the Challenge step, but by means of more private communication.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With