CODEWITHSUNDEEP
androidandroid-contentprovider
Kaps
Kaps

Reputation: 2355

How to restrict content provider data across applications

How can we ensure that certain applications are not able to access my data stored in content provider where in certain other applications can access that? Basically I need to allow some application of my interest to access my data stored in Content Provider but I do not want all the applications to be able to access that data. How can I achieve this?

Thanks.

Upvotes: 20

Views: 10743

Answers (2)

Zelimir
Zelimir

Reputation: 11028

In the AndroidManifest.xml, at the screen with the properties of your ContentProvider, you have two fields:

Read Permission WritePermission

So, you can define secure strings (also it may be path to some file) that are permissions for acces to your ContentProvider.

Applications that want to access your content provider must have that ones added in their UsesPermission elements.

Upvotes: 4

hackbod
hackbod

Reputation: 91331

The easiest way is to protect the content provider with a permission you define. Make it a signature a permission so only apps signed with your certificate are allowed to get it.

See:

http://developer.android.com/guide/topics/security/security.html

http://developer.android.com/reference/android/R.styleable.html#AndroidManifestProvider

http://developer.android.com/guide/topics/manifest/provider-element.html

If doing this based on certificates is not sufficient, you will need to write the permission checks yourself. This is done by calling Binder.getCallingUid() for incoming calls to your applications, and deciding whether the given uid has permission to access your provider. Actually implementing a different policy that is actually secure requires a lot of careful thought and design, though.

Upvotes: 21

Related Questions