Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Permissions for a WearableListenerService

Tags:

android

wear-os

android-wear-data-api

I've implemented a WearableListenerService in both my main app and the companion Wear app. In the manifests, the service needs to be declared as android:exported="true" (or not declared at all and left to default to true) since it's started by Google Play Services. An exported service with no permissions can be called by any app on the system, but I can't find the correct permission to add to the service declaration to secure it. I've looked through the permissions on both the phone and the Wear device with pm list permissions but I don't see anything that looks like what I need.

  1. Is there a permission that I can/should add to secure my services?
  2. If not, is it a good idea to manually secure the service by checking the package name of the caller?
like image 381
Jarett Millard Avatar asked Dec 15 '22 21:12

Jarett Millard

1 Answers

The best way to see how to implement a WearableListenerService on Android Wear is to look at one of the existing samples provided by the SDK. If you look at the DataLayer sample included at $SDK/samples/android-20/wearable/DataLayer it has a full implementation of what you are wanting to do.

If you look in the AndroidManifest.xml for the wearable side, you can see it has the following:

    <meta-data
            android:name="com.google.android.gms.version"
            android:value="@integer/google_play_services_version" />

    <service
            android:name=".DataLayerListenerService" >
        <intent-filter>
            <action android:name="com.google.android.gms.wearable.BIND_LISTENER" />
        </intent-filter>
    </service>

For your security concerns ... When we declare a service in manifest and add a filter to it, it automatically becomes an exported service. So in general, other apps can bind to that service. In case of WearableListenerService, there is a security check that happens in the framework to make sure that the agent binding to that is Google Play Services so no one else can really bind to that service, unless the app developer exposes other intent filters in which case the intention is for others to access it.

So if you implement your code in the same way as the Wear SDK samples, your app should be secure and you do not need to worry about any extra permissions, etc.

like image 111
Wayne Piekarski Avatar answered Jan 06 '23 23:01

Wayne Piekarski
Sign in to Comment

Related questions

Offline tile caching using MapBox Android SDK
Progressbar android with text inside
Draw text inside android circle
connectivity change receiver gets false intents in android
How to make a layout to be scrollable ? Android
JodaTime - Check if LocalTime is after now and now before another LocalTime
Getting Detail/Expanded Text from an Android Notification?
Switch statement Android
finish not stoping the activity code execution
getExternalFilesDir NOT creating new Directory
JSON array to auto complete text view in android
How to create hidden folders
aSmack error: XMPPConnection is abstract; cannot be instantiated
Downgrade Phonegap android version from 3.40 to 2.9.0
How to get barometric altitude in Android?
How to check intersection in libgdx? [closed]
How and what converts the Java bytecode to Android dex files?
Admob Interstitial ad on Button Click
Android SQLite: should I use beginTransaction and endTransaction only at insert or both insert and read queries?
Can't refactor methods with underscore as a parameter into lambdas? [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!