How to tell which third-party app called startActivity into my app - android

Suppose there are two apps on my device, GoodApp and EvilApp. I didn't write either of them. Both apps can use an ACTION_SEND Intent to start an exported activity in my app, passing data in. They both call startActivity, not startActivityForResult.
I want to trust the data I receive from GoodApp, but distrust and ignore the data I receive from EvilApp.
How can my Activity tell which app started it? Activity.getCallingActivity() returns null, because it wasn't started for-result. I can't send a message back to the apps asking "was it you who sent me this?" because they aren't written to respond to that, and their code is out of my control. Is there any way I can tell the difference?

Require apps use startActivityForResult in order for you to handle their request? (:
ActivityManager.getRunningTasks might give you a hint, but its documentation says not to use it for things like what you are asking.

Related

How to configure the android intent actions in android manifest

I have a webview in my app, on trying to do actions like making a call (Tapping call button from results displayed in webview), sending mails and other actions, my webview doesn't perform those actions
I Found a solution to add the intent actions in my web view activity as
Intent intent = new Intent(Intent.ACTION_DIAL, Uri.parse(url));
startActivity(intent)
Instead of doing so is there any way to add in the android manifest file
or Is there any way to turn on all of the intent actions for the webview so that
there wont be further issues in handling the actions
Can someone help me on this pls
Your answer seems to me a bit strange, I think you are a bit confuse about the difference between Intent and manifest permission. The first one are the system used by android to let app communicate with each other, the second one allow you to use some feature of the device like wifi and direct phone call that need the explicit agreement of the user to be used (the prompt that popup when you make the first install of an app).
With this clarification it is clear that if you want to do something that require another app you will have to make an Intent. This Intent, if well formed, will be elaborated by the os that will take care of sending it to the correct application able to accomplish the Intentrequirement.
So the answer to your question, as far as i know, is no, you have to use intent if you have the need of calling external app. It's also a good practice to set in the manifest only the permission really needed by the app, this way the user know what the app really can do and and what it can't do.
Hope i understand your question and answer it.

what is difference between public and private Intents

I know that public (named) intents that are registered with the system and can be called from any application and private (anonymous) intents that are used within a single
application. please can anyone give me an example for better understanding.
Thanks in advance
Sorry no time to write a full answer, but you can create custom permissions in order to sign your Intents & BroadcastReceivers.
When you use these custom permissions, only apps that have been signed with the same signing key, and include that custom permission, can see these Intents.
This question might help you:
How to use custom permissions in Android?
#Commonsware explains the issue really well in a recent blog post:
Don't have an Accidental API - The CommonsBlog
The Android documentation does probably the best job of explaining it, here is a relevant snippet:
There are two primary forms of intents you will use.
Explicit Intents have specified a component (via
setComponent(ComponentName) or setClass(Context, Class)), which
provides the exact class to be run. Often these will not include any
other information, simply being a way for an application to launch
various internal activities it has as the user interacts with the
application.
Implicit Intents have not specified a component; instead,
they must include enough information for the system to determine which
of the available components is best to run for that intent. When using
implicit intents, given such an arbitrary intent we need to know what
to do with it.
This is handled by the process of Intent resolution,
which maps an Intent to an Activity, BroadcastReceiver, or Service (or
sometimes two or more activities/receivers) that can handle it.
Explicit intents you use in your activity to start internal activities.
While implicit intents are used often used to launch other activities like when you want to share a link or email something, you send out an implicit intent and let the user decide the email client to use to send the email or to share the link.
There are some instances where you might want to use an implicit intent to run an internal component of your app, because it seems to be more stable.

notify installation complete from service

I have this piece of code
private void initiateInstallation() {
Intent intent = new Intent(Intent.ACTION_VIEW);
Uri uri = Uri.fromFile(new File("/sdcard/example.apk"));
intent.setDataAndType(uri, "application/vnd.android.package-archive");
intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
startActivity(intent);
}
that from within my service installs an application named example.apk
I want after the installation is finished to run an activity which notifies the user about the installation.I did that except the activity appears before the installation finishes.
The problem is that within a service I cannot use startActivityForResult. So, I need a way around this so that I can start my notification activity(or for the sake of example just print something out with Toast within the service) only AFTER the installation is complete.
I already tried some answers from other questions like "alternative to startActivityforResult in services" but still I couldn't figure this out.
I also put the code so that maybe there may be something done in there.
Thanks in advance ... any suggestions are welcome.
You could listen to the PACKAGE_ADDED broadcast intent: http://developer.android.com/reference/android/content/Intent.html#ACTION_PACKAGE_ADDED
As far as I know, these are sent after the installation is done, and you can listen to those from the service.
Just note that if the application was already installed, you will get ACTION_PACKAGE_CHANGED (as far as I know).
Also you must know the package name as well, not just the apk name, since the intent will contain the package name.
The answer given by #Pal Szasz is technically correct (as far as I know ;-) ).
However, based on the information given in your question, I assume you only wish to show a notification (no further programmatically actions are to be performed). If my assumptions are correct I would respectfully advise you NOT to show such a notification. And this is why:
The Android system already has a standard means of passing notifications to the user. The status bar will in this case already show you a message saying that the new app is successfully installed (or not installed in case of an error). If you implement yet another notification channel you will most likely confuse or irritate your users by diverging from the standard, expected behaviour.
Taking this beyond the borders of sanity one could also argue for the fact that you in some sense also would contribute to the fragmentation of Android (in a very small scale, but nevertheless).

How to secure Intent data while sending it across applications

I am working on the security aspects of my android application.
I would like to know about the ways to secure the Intent data and extras while sending it from one application to another so that no other application other than these two can snoop it.
One of the brute-force approaches would be to use android's encryption-decryption to encode intent data, is there a better way to achieve the same ??
Thanks in advance.
As pointed in the other answers, although you can send an intent to a fully qualified activity, nothing prevents someone from creating an application with the same package.
You might want to add an additional security step to this scheme:
First send a 'Challenge' intent to the remote activity (it should, for example, encrypt a random string you provided using a shared passphrase and send it back to you).
If that first security step is ok, you may freely send unencrypted messages to this remote app by using its fully qualified activity.
This is rather lame security, but perhaps it's sufficient for your needs.
Please take a look at CommonsWare's comment below.
A more secure way might be to code your activity as a Bound Service, keeping the Challenge step, but by means of more private communication.
My guess is that if you use an explicit intent, i.e. specifying the class to which the intent is to be sent to, then no other class can intercept that intent and look at its data.
This method however, may fail if the class name in the application that you're trying to send the information to changes.
If an intent specifies the the target, which is part of the sender application's package, then other applications won't have the chance to capture it - it will be delivered to the intended receiver.
On the other hand, if you send an intent to another application, there is no guarantee that the receiver of the intent will have the implementation you expect: if you send your intent to com.mycompany.security.SecureReceiver, but instead of your application, another application is installed with the given class description, than you will send your intent to that application.
Also, Android is an open system. If someone compiles his own application framework, than he can manipulate the Intent delivery system.
Do you want to protect your data from the user, or from malicious applications?

Get event on launching the native application

1 . can we get any event when user tap/touch native application(i.e. messaging,contacts).
2 . i know that any application launch by intent in android, there is any way to know which application launch with launch of application.
Thanks
No, We can not get any event directly or by any receiver.
what I have figured it that it can not be done directly......
But there are two work around for this :
Start a service that will check top-activity always by this way can know what activity got launched and do whatever you do under this condition.
Catch the logcat, read the line, and you can easily get what event what even took place, and by using your required filters you can even do whatever you like :)
can we get any event when user
tap/touch native application(i.e.
messaging,contacts).
Not generally. Most of these icons are tied to their applications.
there is any way to know which application launch with launch of application.
This makes no sense to me, sorry.
I am agree with #K_Rapid's answer..
Check code of AppLocker
I hope you will got solution from that code...
For (1): what do you mean by 'tap/touch'? Do you mean when the built-in applications are launched, or when they're interacted with?
If you mean launching, you can listen to any intents being fired by the system by registering a broadcast receiver. If you set your IntentFilter to receive intents with CATEGORY_LAUNCHER, you should be able to see when the launcher starts applications.
See:
http://developer.android.com/reference/android/content/Intent.html#CATEGORY_LAUNCHER
http://developer.android.com/reference/android/content/BroadcastReceiver.html
If you mean interacting, I don't think you can do that.
For (2): I don't believe that intents remember where they were constructed, so I don't think this is possible. I could be wrong, however.

Categories

Resources