Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Restricting Android Broadcast Receiver from specific app

Tags:

android

android-permissions

broadcastreceiver

I have 2 applications.
If I use service, I can set permission so only app1 can send intent to app2:
Define permission in app2 (protection level: signature), and use that permission in app1.
Service in app2 is protected by that permission.
In this way, only app1 can send an intent to a service on app2, and no other app (unless my signature is leaked) can send intent to service on app2.

Can I do the same with Broadcast Receiver?

  • app1: sendBroadcast(intent, permission)
  • app2: define permission, use that permission.

To my understanding for using sendBroadcast(intent, permission), the application doesn't need to "use" the permission. Meaning ANY application can send intent to app2. Those permission parameters only checked against app2, to avoid other applications to receive this intent. (If I remove app2, and install fake app2 with the same permission string defined, fake app2 can get intent from app1, which is unexpected)

BTW, If application define the permission and use it itself, the protectionLevel(signature) seems to have no meaning. Is this true?

Now, I can set additional permission:

  • app1: Define permission, use that permission.
  • app2: Receiver restricted only for that permission.

Again, if one removes app1, installs fake app1 with the very same permission, then fake app1 can send fake intent to app2. What can I do to prevent app2 from receiving fake intent?

Thanks

like image 402
user1012131 Avatar asked Mar 02 '12 05:03

user1012131

People also ask

How do I restrict broadcasting the current app?

setAction(packageName + "<MY_ACTION>"); context. sendBroadcast(intent); Since the application package would remain unique for all apps on android, this would safely limit the Broadcast to your own app and you can register BroadcastReceivers in AndroidManifest. xml.

1 Answers

The tag can also define what permission the broadcasters should have, see http://developer.android.com/guide/topics/manifest/receiver-element.html#prmsn

I means you can protected your receiver from unauthorized broadcasts by coding like this:

...
<permission android:name="com.yourapp.PERMISSION"
    android:protectionLevel="signature"
        android:label="@string/permission_label"
        android:description="@string/permission_desc">
</permission>
...

<receiver android:name=".MyReceiver"
    android:permission="com.yourapp.PERMISSION">
    <intent-filter>
        <action android:name="com.yourapp.ACTION" />
    </intent-filter>
</receiver>
...
like image 166
Ziteng Chen Avatar answered Nov 27 '22 05:11

Ziteng Chen
Sign in to Comment

Related questions

Can't change default output folder
Open a numeric keyboard without forcing the EditText to be numeric only
How to switch or change between the tabs in android sdk graphical layout?
CursorAdapter vs ArrayAdapter for a ListView
Background colour of sliding drawer
Null Pointer in getApplicationContext()
Do test accounts require real credit card to purchase via In-app Billing?
Preferences of varying height within a PreferenceActivity
Historical distribution of the Android platform versions
How to logout twitter account by deleting cookies?
Sending multiple files through Bluetooth
Displaying Ad In AndEngine
Is there a way to copy from the clipboard in android into terminal?
How to get the rectangle of the Drawable of ImageView on Android?
Are there open source gesture libraries in Android? [closed]
How manage camera shutter speed and aperture in Android?
Changing position of Android Action Bar
How can I hide my Google Maps API Key when sharing my code on github?
How to Get the current location of my device [duplicate]
Verify Twitter app is logged in on Android

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!