Afshin

Reputation: 9173

Security of critical data passing between activities via intent extras

I wonder if it is a bad idea to pass critical data between an application's activities via intent extras.

For example, assume an application has 2 activities: A and B. Activity B will be started by A, and A passes some critical information such as a password via an intent extra when starting B.

I wonder if this is a dangerous or bad practice in Android. For example, can such an approach leak the password to other apps? Is there any better way to do so? Generally, do you know any good reference for learning about bad practices in Android coding?

Upvotes: 3

Views: 153

Answers (1)

Vasiliy

Reputation: 16268

Assuming that you're referring to intents that just start specific Activities, I think you don't need to worry too much.

To take advantage of sensitive information in such intents, an attacker will need to do at least one of the following:

  1. Find a bug in the Android framework that can be exploited
  2. Upload a custom ROM with malicious additions to the user's device without the user noticing
  3. Upload an application APK with malicious additions to the user's device without the user noticing

While all these scenarios can theoretically happen, I wouldn't bother to safeguard against them in most cases.

Upvotes: 2
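
The answer's assumption (the intent starts one specific Activity) can be enforced in code. The following is an added example, not part of the original question or answer; `SensitiveExtras`, `startWithSecret`, `ActivityB` and the `"password"` key are hypothetical names chosen for illustration.

```java
import android.app.Activity;
import android.content.ComponentName;
import android.content.Intent;

/** Hypothetical helper: attaches a secret only to explicit intents that stay inside this app. */
public final class SensitiveExtras {
    private SensitiveExtras() {}

    /** True when the intent names a concrete component that belongs to the caller's own package. */
    static boolean isExplicitAndInternal(Activity caller, Intent intent) {
        ComponentName target = intent.getComponent();
        return target != null
                && caller.getPackageName().equals(target.getPackageName());
    }

    /** Starts the target activity with the secret attached, or refuses if the intent could leave the app. */
    public static void startWithSecret(Activity caller, Intent intent, String key, char[] secret) {
        if (!isExplicitAndInternal(caller, intent)) {
            // An intent without a component is implicit: the system resolves it,
            // and the match may be an activity in another app, which would then
            // receive the extras.
            throw new IllegalArgumentException(
                    "Refusing to attach a secret to an implicit or external intent");
        }
        intent.putExtra(key, secret);
        caller.startActivity(intent);
    }
}

// Usage from Activity A (explicit intent, component resolved to this app's ActivityB):
//   Intent i = new Intent(this, ActivityB.class);
//   SensitiveExtras.startWithSecret(this, i, "password", passwordChars);
//
// In ActivityB:
//   char[] password = getIntent().getCharArrayExtra("password");
```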
