How Do I Restrict Access To My Contentprovider To Only My Apps?

August 26, 2023 Post a Comment

I want to export a ContentProvider for use by another one of MY apps. How do I prevent other apps from accessing it? If I use an android:permission attribute, can't 3rd party apps

Solution 1:

If I use an android:permission attribute, can't 3rd party apps just apply that permission to their app?

Well, you can use a signature-level custom permission (android:protectionLevel="signature"). Then, the app holding the permission and the app defending itself with the permission have to be signed by the same signing key.

There's a bug/limitation in Android that can allow an attacker, installed before your app, to hold this permission even though the attacker is not signed by your signing key. I go into that in more detail in this report (as it's a bit complex for an SO answer) and have a PermissionUtils class to help you detect that case.

Baca Juga

Unsupportedoperationexception While Calling Getsharedpreferences() From Unit Test
Filter Contacts Except Groups Of Account Type
Important Dont's For A Good Android App Design(beginner/novice Level)?

Android Devweb

How Do I Restrict Access To My Contentprovider To Only My Apps?

Solution 1:

Post a Comment for "How Do I Restrict Access To My Contentprovider To Only My Apps?"