Reputation: 61
security in using shareduserid
This might sound like a vague question, but i have to ask.
i am a beginner android developer and just came to know about the working of interprocess communication in android. If same shareduserid is used in 2 application then they have the authority to access each others data, so that means that i can decompile any apk, find out its shareduserid from manifest and create my application with same shareduserid to access its data.
Am i missing something ?
How should i keep my data safe if i want to create 2 applications(which work together thus exposing shareduserid) in future?
Upvotes: 1
Views: 448
Answers (1)
Reputation: 21183
Shared user IDs are enforced by the certificate signature. The platform will grant/assign same user ID only if the applications are signed with the same certificate. Ref.:
android:sharedUserId
The name of a Linux user ID that will be shared with other applications. By default, Android assigns each application its own unique user ID. However, if this attribute is set to the same value for two or more applications, they will all share the same ID — provided that they are also signed by the same certificate. Application with the same user ID can access each other's data and, if desired, run in the same process.
Upvotes: 2
Related Questions
- READ_EXTERNAL_STORAGE permission for Android
- How can I save an activity state using the save instance state?
- How does Content Provider's application specify permissions that client apps need in order to access the provider's data?
- How to deal with "${applicationid}" in Xamarin?
- Mobile Application Security
- Two Application's using sharedUserID - createPackageContext issue
- Call methods of a service in the same "shared" process without using AIDL