Reputation: 23318
Custom permission between two apps with different signatures
I have two application which are signed with different certs/keys.
I want to make authenticated call (to a service) from application A to app B (so no 3rd party can make such call).
Common solution for such things in Android is custom permissions with signature protection level. However, it won't work in my case, because two apps are signed with different certs (developed by different companies)
So, the question is. What is the best practice for this case, if I want allow only application A (or any apps developed by this company) to call/bind a service in app B?
Upvotes: 1
Views: 1180
Answers (1)
Reputation: 1007658
There really isn't one, IMHO.
If the permission is not signature-based, the user can grant it to any app that asks for it, so a permission will not help you.
If you use services with the binding pattern, your Binder has getCallingUid(), which you can use to find the UID of the calling app. With some work, you can find out the package name for that UID from PackageManager. How you validate that package name is up to you (baked-in whitelist, try to make sense of the package's signature from PackageManager, whatever). That doesn't prevent somebody from messing with your APK and hacking your validation routine, though.
Upvotes: 2
Related Questions
- Multiple APK signing - signature protectionLevel behavior
- How to add and use (signature/system level) permission in an Android application
- Android signature level permission among multiple apps
- Share data/flag between two Android apps
- Custom permission for application
- Regarding Android Permissions and Signature Protection level
- Launch Activity /Service of an applications from two applications with different signing keys
- How to use permission with signature protection?
- Enable communication between two Android apps via custom permissions
- Setting the Permission from one particular App to the another in Android