Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to securely share data between two or more applications in android?

I am making an application framework for the enterprise environment which involves data sharing between two or more applications from the device memory. This data needs to be stored on the device and accessible to only a few applications (which can be identified by the certificates used to install them). Also, it needs to be stored in a secure way so as to be not accessible to other third party applications . Which is the best way to implement this functionality ?

I have read up about ContentProviders and ContentResolvers which to my understanding only facilitate this process . The actual storage of data is what is more important .I have also looked into the Keychain API of Android which seems to be the closest to what I need to achieve.

Is there a way to integrate ContentProviders and ContentResolvers with Keychain APIs ? Is this the correct way to do so ? If not , what is the best way to achieve the same? Also, I haven't been able to find good code samples to completely understand the functioning of the Keychain API. Please Help!

Edit :
I've also looked at the Keystore API. This internally uses the Keychain API and for sharing data between applications, Keychain should be used. Though I haven't been able to find code samples for the same or a detailed documentation or API guide on how to use the Keychain API. I am looking for an android equivalent of the iOS Keychain.

Something known as managed profiles has also been introduced in Android 5 . Is this the correct way to acheive what I am trying to do ?

like image 983
Keya Madhukar Avatar asked Mar 30 '16 07:03

Keya Madhukar


People also ask

How can I share data between two apps on Android?

Android uses the action ACTION_SEND to send data from one activity to another, even across process boundaries. You need to specify the data and its type. The system automatically identifies the compatible activities that can receive the data and displays them to the user.

What is the best way to store sensitive data for an Android application?

In general sensitive data stored locally on the device should always be at least encrypted, and any keys used for encryption methods should be securely stored within the Android Keystore. These files should also be stored within the application sandbox.


1 Answers

You have to declare your applications with the same sharedUserId, like:

<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.mydomains.myapp"
    android:sharedUserId="com.mydomains.shared.user.id"
    android:sharedUserLabel="@string/appName">

In this case all data stored in private storage of both apps will be available to each other (supposed they have signed with the same signature)

As read manual:

sharedUserId: The name of a Linux user ID that will be shared with other applications. By default, Android assigns each application its own unique user ID. However, if this attribute is set to the same value for two or more applications, they will all share the same ID — provided that they are also signed by the same certificate. Application with the same user ID can access each other's data and, if desired, run in the same process.

like image 141
Barmaley Avatar answered Sep 28 '22 00:09

Barmaley