I am working on the security aspects of my android application.
I would like to know about the ways to secure the Intent data and extras while sending it from one application to another so that no other application other than these two can snoop it.
One of the brute-force approaches would be to use android's encryption-decryption to encode intent data, is there a better way to achieve the same ??
Thanks in advance.
As pointed in the other answers, although you can send an intent to a fully qualified activity, nothing prevents someone from creating an application with the same package.
You might want to add an additional security step to this scheme:
First send a 'Challenge' intent to the remote activity (it should, for example, encrypt a random string you provided using a shared passphrase and send it back to you).
If that first security step is ok, you may freely send unencrypted messages to this remote app by using its fully qualified activity.
This is rather lame security, but perhaps it's sufficient for your needs.
Please take a look at CommonsWare's comment below.
A more secure way might be to code your activity as a Bound Service, keeping the Challenge step, but by means of more private communication.
My guess is that if you use an explicit intent, i.e. specifying the class to which the intent is to be sent to, then no other class can intercept that intent and look at its data.
This method however, may fail if the class name in the application that you're trying to send the information to changes.
If an intent specifies the the target, which is part of the sender application's package, then other applications won't have the chance to capture it - it will be delivered to the intended receiver.
On the other hand, if you send an intent to another application, there is no guarantee that the receiver of the intent will have the implementation you expect: if you send your intent to com.mycompany.security.SecureReceiver, but instead of your application, another application is installed with the given class description, than you will send your intent to that application.
Also, Android is an open system. If someone compiles his own application framework, than he can manipulate the Intent delivery system.
Do you want to protect your data from the user, or from malicious applications?
Related
Suppose there are two apps on my device, GoodApp and EvilApp. I didn't write either of them. Both apps can use an ACTION_SEND Intent to start an exported activity in my app, passing data in. They both call startActivity, not startActivityForResult.
I want to trust the data I receive from GoodApp, but distrust and ignore the data I receive from EvilApp.
How can my Activity tell which app started it? Activity.getCallingActivity() returns null, because it wasn't started for-result. I can't send a message back to the apps asking "was it you who sent me this?" because they aren't written to respond to that, and their code is out of my control. Is there any way I can tell the difference?
Require apps use startActivityForResult in order for you to handle their request? (:
ActivityManager.getRunningTasks might give you a hint, but its documentation says not to use it for things like what you are asking.
We were having security related discussions on a project, and there was a point raised saying that passing unencrypted data via Intents might potentially be dangerous.
I wrote a few samples, and have listed my findings below.
Implicit Intents - It is dangerous to send sensitive data across Implicit Intents, since someone else can use the same Intent Filter that you have and intercept your data.
Explicit Intents within the Application - It is safe to send data via Intents. I wrote an Intent Sniffer based on what Mark Murphy lists here, but was unable to intercept intra-application Intents. Using 'New Task' and 'Single Task' flags did not change anything.
Explicit Intents to other Applications - I was able to sniff Intents when I launched the other app using the 'New Task' flag.
Please let me know if it looks okay, or if anyone else has alternate opinions. Is there any other scenario I should be testing ? Have I missed out on something ?
I know that public (named) intents that are registered with the system and can be called from any application and private (anonymous) intents that are used within a single
application. please can anyone give me an example for better understanding.
Thanks in advance
Sorry no time to write a full answer, but you can create custom permissions in order to sign your Intents & BroadcastReceivers.
When you use these custom permissions, only apps that have been signed with the same signing key, and include that custom permission, can see these Intents.
This question might help you:
How to use custom permissions in Android?
#Commonsware explains the issue really well in a recent blog post:
Don't have an Accidental API - The CommonsBlog
The Android documentation does probably the best job of explaining it, here is a relevant snippet:
There are two primary forms of intents you will use.
Explicit Intents have specified a component (via
setComponent(ComponentName) or setClass(Context, Class)), which
provides the exact class to be run. Often these will not include any
other information, simply being a way for an application to launch
various internal activities it has as the user interacts with the
application.
Implicit Intents have not specified a component; instead,
they must include enough information for the system to determine which
of the available components is best to run for that intent. When using
implicit intents, given such an arbitrary intent we need to know what
to do with it.
This is handled by the process of Intent resolution,
which maps an Intent to an Activity, BroadcastReceiver, or Service (or
sometimes two or more activities/receivers) that can handle it.
Explicit intents you use in your activity to start internal activities.
While implicit intents are used often used to launch other activities like when you want to share a link or email something, you send out an implicit intent and let the user decide the email client to use to send the email or to share the link.
There are some instances where you might want to use an implicit intent to run an internal component of your app, because it seems to be more stable.
Reading through the document and a couple others, none really specified what an Intent does with the URI that it is passed. I'm simply curious as to what happens when it gets a URI. I know it depends on the scheme, so if the scheme was http, does it then attempt to open that web URI?
I ask since I'm trying to consume RESTful API that sends data back in JSON format. Having it open the URI for me when trying to pass the data from one Activity to another rather than making the HTTP call myself via HttpClient would be nice. Not a big deal but I was just curious if that is how works.
An Intent is just an object ... it does nothing with the URI. An Intent is used in function calls like startActivity(), sendBroadcast(), etc.
For example, when you pass an Intent to startActivity(), that Intent object is made available to the Activity. The Activity can interpret the URI as it pleases.
Android also uses Intent Filters to help route intents to various installed activities, these intent filters may inspect the URI.
Review http://developer.android.com/guide/components/intents-filters.html for all the info.
It's not entirely clear what you mean, however the behavior of Intents is basically dictated by the Android package manager. You can think of an Intent as being a procedure call: you specify someone to handle the Intent, along with some additional data (parameters), possibly some category, etc...
The Android package manager looks at your intent and basically asks the question "what app on the system is prepared to consume and handle this intent?" The system then opens up that app (if it is not already resident in memory), and then throws the intent at the app. Note that there are cases where there exist some possibility of ambiguity among intent handlers: multiple apps could be prepared to handle the intent. You can sometimes see this in the form of the user being asked to select what app should handle the intent (and the user can select a default one).
The dynamic semantics of how intents are handled depends, of course, on the set of apps installed on the system, and may change depending on the type of app installed. It sounds like, in your case, you are mostly concerned with intents that have an ACTION_VIEW action associated with them. In the general case, things that look like URLs will be "caught" by the browser (though there is no guarantee that this be the case!), and the package manager will look at the structure of the URI and say "hey, this looks like it should be handled by app X," I'm going to send this URL to it. (And, of course, new apps can change this behavior by registering other intent filters..)
An intent is an abstract description of an operation to be performed.uri specific data that intent has to do operation on it:
Intent Structure
The primary pieces of information in an intent are:
action: The general action to be performed, such as ACTION_VIEW, ACTION_EDIT, ACTION_MAIN, etc.
data: The data to operate on, such as a person record in the contacts database, expressed as a Uri.
Some examples of action/data pairs are:
ACTION_VIEW content://contacts/people/1 -- Display information about the person whose identifier is "1".
ACTION_VIEW tel:123 -- Display the phone dialer with the given number filled in. Note how the VIEW action does what what is
considered the most reasonable thing for a particular URI.
ACTION_VIEW content://contacts/people/ -- Display a list of people, which the user can browse through. This example is a typical
top-level entry into the Contacts application, showing you the list of
people. Selecting a particular person to view would result in a new
intent { ACTION_VIEW content://contacts/N } being used to start an
activity to display that person.
So you can see that same Action with different data/uri perform different Action on data operate on.
What's the proper way for other people to reuse my Activities? Should they hard code the intent actions in their app or is it customary to provide them with a jar file enumerating my app's intent actions? Is there a less tightly-coupled way to lookup the intent actions?
First of all, take a look at openintents.org and see if there's any match to what your activity does.
Secondly, documentation is always a good idea.
Having the intent details hardcoded in their applications should work just fine. After all, the intents are part of your public interface and shouldn't change.
Your applications manifest should announce what sorts of things your activity can handle, via intent-filters. Outside users can read the manifest to determine what actions you support, and invoke them via action intents.
See intents and intent filters for more details.