Android: Does passing values through static variable cause securtiy issues?

Question

Passing values through static variables is focused from other technical perspective here, however I want to know if using static variables as global variables across all application scope, lead to security issues or information leakage since android apps are running inside standalone sandboxes?

Answer 1

You mean Intent can be said less secure than static variables?

Whenever you call startActivity(), startService(), bindService(), or sendBroadcast() on a Context, the Intent leaves your process, goes to a core OS process, and then goes to whatever process contains the component you are trying to work with. That includes cases where the component calling the method is in the same process as the component it is trying to work with. All else being equal, a static variable is more secure, in that it does not leave the process (unless you do that yourself).

As far as we know, Intent objects are secure against spies. However, there have been bugs in this area in the past, and I cannot rule out the possibility of bugs in the future.

from all application scope I meant static variables are shared and everybody inside application can see it

You are responsible for all of the code in your application, except for the framework implementation.

if an application have several process, static variables are shared among them

No.

or each process hold different instances of static variable?

Yes.