I have an applications which has different activities. One of those activities can be called from other applications.
Is there a way to set permission that this certain activity can be called only from specified applications (e.g. com.other.application and com.different.application). I would configure those allowed applications in AndroidManifest.xml or somewhere else.
Thanks
You can define your own permission and only allow apps that request that permission access the functionality.
Define Permission
<permission android:name="uk.co.packagename.mypermission"/>
Set permission on activity
<activity android:permission="uk.co.packagename.mypermission" android:name=".ActivityName"/>
Use Permission
<uses-permission android:name="uk.co.packagename.mypermission"/>
You can either declare your activity to be accessible or not by outside of the application package, but for some application accessible or for some not is not feasible.
To make private an activity to your application you need to set property of Activity in manifest: exported=false;
Related
I have main application A that uses other apps as plugins, lets say B, C and D. I have no control over what app will be installed first.
How do I define signature level permission so only main app A can start plugin apps B, C and D?
Plugins don't have UI so user can't start them manually but I need to make sure only my main app can launch them. I tried defining the permission in plugins like so:
<permission
android:name="my.custom.permission.START_PLUGIN"
android:protectionLevel="signature"/>
And then in my main app:
<uses-permission android:name="my.custom.permission.START_PLUGIN" />
This doesn't seem to be correct approach. Can anyone tell me the correct way to achieve what I described above? Thanks.
EDIT: My plugins are implemented as bound services with AIDL interface.
To answer my original question, to make my example work, all you have to do is add permission attribute to your application components you want to protect. This is done in Manifest.xml file.
Let's say you have activity called MyActivity that you want only your apps with START_PLUGIN permission to be able to launch. So in your plugin, you do:
<permission
android:name="my.custom.permission.START_PLUGIN"
android:protectionLevel="signature"/>
and:
<activity
android:name=".MyActivity"
android:permission="my.custom.permission.START_PLUGIN"/>
The last one will ensure that only apps with START_PLUGIN permission can access that activity. So all you need to do is in app that should start this plugin use the permission like so:
<uses-permission android:name="my.custom.permission.START_PLUGIN" />
To decide if you want to use permission with signature level protection, or sharedUserId as suggested by #pskink in comments, consider following:
sharedUserId tightly couples both (or more) apps, enables them to access not only specific activities but their files (even SharedPreferences) and views and basically removes any level of separation
custom permission enables to to specify which parts of your app are to be protected, leaving you with more control but also with the need for IPC like AIDL
Links:
sharedUserId Android Reference
How to access data of app with sharedUserId
AIDL Reference
Android permission protection levels
I came across with the following issue. I have an activity that uses to permissions: recording audio and writing to external storage and returns the result to those activities that started it with an intent.
I want to make sure that only those other apps could launch it, that have both uses-permissions.
I tried the following declaration in manifest file, but it seems to be incorrect, as android does not allow double use of android permission attribute in activity.
<activity
android:name="some_name"
android:label="some_label"
android:permission="android.permission.RECORD_AUDIO"
android:permission="android.permission.WRITE_EXTERNAL_STORAGE"
</activity>
Is there any way to make this possible with android?
You can crate a custom permission which can be android.permission.RECORD_AUDIO and android.permission.WRITE_EXTERNAL_STORAGE (Both in one permission) and then put that permission in your Activiy.
if I have a Service or an Activity that I want to be started only by another Activity in my app, do I need to declare it in the manifest? I.e., I always launch a secondary activity from the primary activity of my app that directly points the secondary activity's class (no intent filter resolution), is still necessary to declare the secondary activity in the manifest?
And what if I don't want anyone outside my app to be able to launch my secondary activity?
1.YES
2.YES
3.set exported false in the manifest.
Read here for more information
What is Manifest?
Manifest file for an android application is a resource file which contains all the details needed by the android system about the application. It is a key file that works as a bridge between the android developer and the android platform. It helps the developer to pass on functionality and requirements of our application to Android. This is an xml file which must be named as AndroidManifest.xml and placed at application root. Every Android app must have AndroidManifest.xml file. AndroidManifest.xml allows us to define,
The packages, API, libraries needed for the application.
Basic building blocks of application like activities, services and etc.
Details about permissions.
Set of classes needed before launch.
Do I need to declare it in the manifest?
Yes
Is still necessary to declare the secondary activity in the manifest?
Yes
What if I don't want anyone outside my app to be able to launch my secondary activity?
android:exported="false"
We must declare in AndroidManifresh according to https://developer.android.com/guide/topics/manifest/activity-element.html
Declares an activity (an Activity subclass) that implements part of
the application's visual user interface. All activities must be
represented by elements in the manifest file. Any that are
not declared there will not be seen by the system and will never be
run.
I written 2 apps.
First app has only service and second one has an Activity. I am starting the service in 1st app from activity in 2nd app. In Service I am modifying audio settings so, I need android.permission.MODIFY_AUDIO_SETTINGS in manifest.
My question is in which manifest file I have to add this permission. Why I am asking because if I add this permission in Service app manifest I am getting warning Exported service does not require permission.
If anybody know it, post the solution.
You need to add this permission to application, not service. Permissions for services are to let you limit who can access them which is something different. You need to add
<uses-permission android:name="android.permission.MODIFY_AUDIO_SETTINGS" />
to your Manifest, above <application> block of application that does the audio settings change.
I want to define a permission in my Android app, and let other third-party apps to use. This permission is used to restrict calling of my modules. That is, third-party apps must request the right permission to call my module, just like using system permissions defined by Android system, android.permission.INTERNET or so.
In my test, I defined the permission in my app, say "my.apps.permission.my_permission", and then install it on emulator. In some of my Activities, android:permission="my.apps.permission.my_permission" property is added. This property forces the apps calling my activities must have the right permission "my.apps.permission.my_permission". Then in a test app, request the permission in AndroidManifest.xml, <uses-permission android:name="my.apps.permission.my_permission" />
The problem is, in the test app, which will call my permission-required activities, when I call startActivity(), I got a SecurityException : Permission Denied. But, if I defined a permission with the same name in the test app, everything works fine.
And, the followings are my conclusions:
1) It seems that, the permission defined in my app, "my.apps.permission.my_permission", is not visible to other third-party apps. How to make it visible, so that other apps can use my permission just like the ones defined in Android system?
2) Even is visible, Android won't check user-defined permissions with name conflicting.(I test this by define a permission with name "android.permission.INTERNET" in test app and overrides the system-defined one, and require "android.permission.INTERNET" in my app, and still, everything works fine.) If so, every other apps can define a permission with the same name that my module requires, and cheat my app. Is that right?
Anyone can help?
Thanks a lot!
I got the answer.
My own app, which defined the permission for other apps to use, must be installed before other apps who want to use my permissions. Otherwise, those apps must be re-installed, to use my permissions. No other operations or codes are needed, just <uses-permission android:name="my.apps.permission.my_permission" />, the same as other system defined permissions.
And, several apps may define permissions with the same name, conflicting with each other. The first installed app occupies the conflicting permission name, others won't overwrite or change the original permission.