I have made an application say "TestApp" which contains a content provider. Content provider shares the database access to all other application. Is there a mechanism in android which allows only few other application having a particular type of permission to access content provider of "TestApp"?
I don't want applications which do not have that specific permission to access the content provider of "TestApp".
Being a newbie i don't know the standard that a question asked should have.
Please help.
You could look at providing a custom permission in your application.
Custom permission question in stackoverflow
Developer.android.com
Please be aware that this could pose a security issue to your application.
The usual way to do this is to set android:protectionLevel="signature" on your permission. This will restrict access to only applications signed with the same certificate as the application which declares the permission. These applications may declare a <uses-permission> tag to gain access.
See also the general security tips article.
That said, be careful what you protect with this. It will prevent random applications the user installs from getting access to your data, but not if the user truly wishes to bypass these protections. If the user wants to give an application the ability to circumvent this, then the user can do so. This protects only against other applications gaining access when the usual security measures are in force.
Related
i have a question related to Android app run time permissions.
Is it preferrable/allowed practice for developers to save users' permission preferences i.e. each user has allowed/denied any permission, on our remote server database?
Offcourse we are asking run time permission for every feature we want to use, but is it preferrable that we log on server that if user has allowed for any permission or not, please let know. Thanks
Android framework has restricted the developers to ask only those permissions which are necessary to implement a specific feature and that too if there's no other way to implement the feature without that specific permission. In your case, it seems like you have already taken care of the permissions and just want to hold the result of the asked permissions.
So the answer is YES, You can save this data and it's even considered good practice for handling permissions. Here's the reference from the official android documentation.
Greater flexibility in granting permissions
Users can deny access to individual permissions at the time they’re requested and in settings, but they may still be surprised when functionality is broken as a result. It’s a good idea to monitor how many users are denying permissions (e.g. using Google Analytics) so that you can either refactor your app to avoid depending on that permission or provide a better explanation of why you need the permission for your app to work properly. You should also make sure that your app handles exceptions when users deny permission requests or toggle off permissions in settings.
https://developer.android.com/training/permissions/usage-notes
What is the best way to access the app usage database on Android, without using the API?
In particular, I would like to make a local copy of the database behind this API:
http://developer.android.com/reference/android/app/usage/UsageStats.html
There's no best way, other than the API. You may or may not receive the permission to access this data. On this page it says:
NOTE: This API requires the permission
android.permission.PACKAGE_USAGE_STATS, which is a system-level
permission and will not be granted to third-party apps. However,
declaring the permission implies intention to use the API and the user
of the device can grant permission through the Settings application.
It reads as though you might get the permission if you declare it and the user grants it... or you might not, as it will not be granted to third-party apps.
I was recently reading up about custom permission for our application in android.
uses-permission is clear. It contains the permission that your application will need in order to access some of user data or device features, etc and to function properly.
Now, we come to permission element. It declares permissions that activities or services might require other applications hold in order to use your application's data or logic
Now, say I use permission tag in my application's manifest file such as:
<permission android:name="my.pkg.CUST_PER"/>
This will imply that my application may have this possible permission.
And enforce that permission using it in my Activity tag like this:
<activity
android:name=".MyApp"
android:permission="my.pkg.CUST_PER">
Now, as per my understanding, only applications that have requested my indicated permission will be able to access my application's secured components.
If other app tries to access those components without my custom permission, what will happen? I think it should crash, and will that be seen in logcat as:
SecurityException: Missing permission: my.pkg.CUST_PER
If so, isn't that a security breach?
How to protect application data in such a circumstance?
uses-permission is clear. It contains the permission that your application will need in order to access some of user data or device features, etc and to function properly.
<uses-permission> means that your app wishes to hold the permission named in the <uses-permission> element. What is defended by that permission is up to other developers. In some cases, it may be defending some things that allow you "to access some of user data or device features".
This will imply that my application may have this possible permission.
No, it does not. It simply defines a new permission. It does not state that your app, or any other app, has anything else to do with the permission.
Now, as per my understanding, only applications that have requested my indicated permission will be able to access my application's secured components.
More accurately, only apps with the <uses-permission> element could qualify to access the secured component. In addition, as Mr. Orlowski notes, the protectionLevel of the <permission> indicates if user acceptance is involved (a protectinoLevel of normal or dangerous), if the app needs to be signed by the same signing key as the app that is defending itself with the permission (a protectionLevel of signature), or if the app needs to be installed on the /system partition (a protectionLevel of system).
If other app tries to access those components without my custom permission, what will happen? I think it should crash, and will that be seen in logcat as: Requires this permission: my.pkg.CUST_PER
Correct.
If so, isn't that a security breach?
Not particularly.
How to protect application data in such a circumstance?
Don't expose it in the first place. The complete and entire point behind having android:permission is because you want other apps to have access to the data, subject to user acceptance, signature match, etc. If you do not want other apps to have access to the data, do not export the component. For activities, services, and manifest-registered receivers, this is usually accomplished by not having an <intent-filter>. For <provider> elements, you will want to manually have the android:exported attribute set to false.
How to protect application data in such a circumstance?
You should have read whole docs as android:protectionLevel exists exactly to address this problem and is explained here:
https://developer.android.com/guide/topics/manifest/permission-element.html#plevel
I want to export a ContentProvider for use by another one of MY apps. How do I prevent other apps from accessing it? If I use an android:permission attribute, can't 3rd party apps just apply that permission to their app? I really need to lock down access to my apps only.
Thanks in advance...
If I use an android:permission attribute, can't 3rd party apps just apply that permission to their app?
Well, you can use a signature-level custom permission (android:protectionLevel="signature"). Then, the app holding the permission and the app defending itself with the permission have to be signed by the same signing key.
There's a bug/limitation in Android that can allow an attacker, installed before your app, to hold this permission even though the attacker is not signed by your signing key. I go into that in more detail in this report (as it's a bit complex for an SO answer) and have a PermissionUtils class to help you detect that case.
I was under the impressions that two apps were sandboxed and unable to call each other (by intents or contentresolver etc) unless the callee declared and enforced specific permissions and the caller used appropriate uses-permission elements? However, I have developed two apps, one containing a content provider, and another with activities that use the content provider. Neither have permissions declared enforced or used. I deploy them directly from Eclipse to my phone and they are able to use each other.
I have checked that they really are running as separate processes and user ids, and they are. Why am I not seeing security exceptions? Should Linux underneath, by default, stop this communication? They will be signed by the default DEBUG certificate. Does this give them more rights to "talk" to each other, i.e. if I signed with an explicit certificate would the sandboxing kick in?
As soon as I declare and enforce a permission in the content provider app the other app does need the uses-permission to allow communication.
Cheers
Yes, if your apps have the same signature, then they have access to each other. It's similar to package level permissions in java.
http://developer.android.com/guide/topics/security/security.html