I know that public (named) intents that are registered with the system and can be called from any application and private (anonymous) intents that are used within a single
application. please can anyone give me an example for better understanding.
Thanks in advance
Sorry no time to write a full answer, but you can create custom permissions in order to sign your Intents & BroadcastReceivers.
When you use these custom permissions, only apps that have been signed with the same signing key, and include that custom permission, can see these Intents.
This question might help you:
How to use custom permissions in Android?
#Commonsware explains the issue really well in a recent blog post:
Don't have an Accidental API - The CommonsBlog
The Android documentation does probably the best job of explaining it, here is a relevant snippet:
There are two primary forms of intents you will use.
Explicit Intents have specified a component (via
setComponent(ComponentName) or setClass(Context, Class)), which
provides the exact class to be run. Often these will not include any
other information, simply being a way for an application to launch
various internal activities it has as the user interacts with the
application.
Implicit Intents have not specified a component; instead,
they must include enough information for the system to determine which
of the available components is best to run for that intent. When using
implicit intents, given such an arbitrary intent we need to know what
to do with it.
This is handled by the process of Intent resolution,
which maps an Intent to an Activity, BroadcastReceiver, or Service (or
sometimes two or more activities/receivers) that can handle it.
Explicit intents you use in your activity to start internal activities.
While implicit intents are used often used to launch other activities like when you want to share a link or email something, you send out an implicit intent and let the user decide the email client to use to send the email or to share the link.
There are some instances where you might want to use an implicit intent to run an internal component of your app, because it seems to be more stable.
Related
I am creating an app with a service, and I would like other apps to be able to interact with and extend it. I can think of two scenarios:
another app wants to interact with the service
someone develops a better version of the service that they would
like my app to use instead of my built-in service
Most of the things that I have read about actions say that you should name your action something like com.mycompany.appname.CUSTOM_ACTION. However, I do not think I should put the actions in my own namespace since other developers might want their apps to be able to receive them. Instead, I think they should give them a more public name, like intent.action.CUSTOM_ACTION.
Is there a convention for naming public actions? Is it ok that I name my actions like intent.action.CUSTOM_ACTION, or is that a no-no?
It's bad idea to give it generic names. It comes with your app and therefore you should stick to com.mycompany.appname.CUSTOM_ACTION namespace
openintents.org is a website that appears to allow developers to register intents that they want other applications to use.
I am working on the security aspects of my android application.
I would like to know about the ways to secure the Intent data and extras while sending it from one application to another so that no other application other than these two can snoop it.
One of the brute-force approaches would be to use android's encryption-decryption to encode intent data, is there a better way to achieve the same ??
Thanks in advance.
As pointed in the other answers, although you can send an intent to a fully qualified activity, nothing prevents someone from creating an application with the same package.
You might want to add an additional security step to this scheme:
First send a 'Challenge' intent to the remote activity (it should, for example, encrypt a random string you provided using a shared passphrase and send it back to you).
If that first security step is ok, you may freely send unencrypted messages to this remote app by using its fully qualified activity.
This is rather lame security, but perhaps it's sufficient for your needs.
Please take a look at CommonsWare's comment below.
A more secure way might be to code your activity as a Bound Service, keeping the Challenge step, but by means of more private communication.
My guess is that if you use an explicit intent, i.e. specifying the class to which the intent is to be sent to, then no other class can intercept that intent and look at its data.
This method however, may fail if the class name in the application that you're trying to send the information to changes.
If an intent specifies the the target, which is part of the sender application's package, then other applications won't have the chance to capture it - it will be delivered to the intended receiver.
On the other hand, if you send an intent to another application, there is no guarantee that the receiver of the intent will have the implementation you expect: if you send your intent to com.mycompany.security.SecureReceiver, but instead of your application, another application is installed with the given class description, than you will send your intent to that application.
Also, Android is an open system. If someone compiles his own application framework, than he can manipulate the Intent delivery system.
Do you want to protect your data from the user, or from malicious applications?
I've built an app called xLancer (https://market.android.com/details?id=kz.jay.xlancer.activity) that retrieves job listings from Elance. Now i want to implement a feature that would remind me to bid on a project at a later time. Instead of reinventing the wheel i want to launch any external TODO/Task manager app. But now i am stuck, i don't know which URI or action should be specified, so far i've only used intents to call my internal activities by specifying class name explicitly.
So the question is: how can i know which URI/action should be specified?
Look here, I didn't see any Todo/Task intents there though....
What's the proper way for other people to reuse my Activities? Should they hard code the intent actions in their app or is it customary to provide them with a jar file enumerating my app's intent actions? Is there a less tightly-coupled way to lookup the intent actions?
First of all, take a look at openintents.org and see if there's any match to what your activity does.
Secondly, documentation is always a good idea.
Having the intent details hardcoded in their applications should work just fine. After all, the intents are part of your public interface and shouldn't change.
Your applications manifest should announce what sorts of things your activity can handle, via intent-filters. Outside users can read the manifest to determine what actions you support, and invoke them via action intents.
See intents and intent filters for more details.
I am interested in activating another application's activity. I know from reading the Android SDK that it's probably better to do this with an implicit intent. However, this activity doesn't reside in an application I own, so I don't know the action and category and data flags on the intent-filter.
How can I examine an Android applications metadata like the activity classes and the intent-filters for those activities (if declared in the manifest)?
Thanks!
I would try this.
Check on openintents
Contact the developer.
Use android-apktool too see the app's manifest.
It might be illegal to use android-apktool. Use it under your own risk.
There is one more solution: you could run this app and look into logcat. All intents are logged, so you could see what is called up. You won't see extra data though.