Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What protects Android AccountManager passwords from being read by other apps?

I'm writing 1) an app that stores a username and password in the AccountManager, and 2) a separate background Service app that accesses those credentials to login to my servers, etc. Playing around with this, I find I'm able to call AccountManager.getPassword(account) from the Service (app 2) to access the type of accounts I've add to the AccountManager using the other app (app 1).

Due to this, I'm starting to wonder what stops an arbitrary malicious app from 1) including the fields in the manifest to have Account management access, and then then 2) from iterating through all accounts of a particular type and calling mAccountManger.getPassword(account) on them. I know that during installation, a dialog pops up with all the permissions that an app requests to use, but I don't think we can count on the average user to reject an app because it requests suspicious permissions.

Is there a way to prevent getPassword from being called on an account type? Are there ways to protect accounts in the AccountManager from apps that have given themselves lots of account permissions?

like image 500
liucheia Avatar asked Nov 17 '11 21:11

liucheia


People also ask

Is Android account manager secure?

Using an AccountManager to store credentials is a much secure way than storing in a file or a SQL DB. A file can be retrieved by any other app unlike via AccountManager Android will enforce that only your app will be able to access to the key.

How can sensitive data like contacts or access to the camera or other sensors be secured in the world of mobile apps?

How can sensitive data like contacts or access to the camera (or other sensors) be secured in the world of mobile apps? Access to a user's data or sensors is restricted by a permissions system.


1 Answers

Account data protection is based on the Linux user id (UID) of the process making the request. (See Security and Permissions in the guide.) Each account is associated with an account authenticator (that has a UID), and the process calling getPassword (or several other methods) must have the same UID as the authenticator.

like image 169
Ted Hopp Avatar answered Oct 15 '22 08:10

Ted Hopp