Reputation: 2737
I include an AAR in my app which comes from a third party. My app declares lots of permissions, and has access to APIs that could potentially be used to access sensitive info or perform malicious actions. As I understand it, this means that the third-party library can access (and potentially abuse) all these same APIs, even if it does not declare the required permissions in its manifest.
How can I restrict/sandbox third-party libraries in my app so they have access to the APIs needed for their stated purposes, and no more?
Upvotes: 1
Reputation: 93613
You can't. The OS doesn't know what parts of your app are a library and what parts are written by you. When running an app there's no difference between a library class and one of your own. If you don't trust a library, you shouldn't use it.
Upvotes: 2
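An added example, not part of either post above: since permissions are granted to the app as a whole, a pre-integration audit can at least show which of the app's permissions a library would be able to use without declaring them, and which extra ones its manifest would merge in. The manifests, package names and function names below are constructed for illustration; the only assumption about the AAR is that it is a zip archive with a plain-text `AndroidManifest.xml` at its root.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

NAME_ATTR = "{http://schemas.android.com/apk/res/android}name"
PERMISSION_TAGS = ("uses-permission", "uses-permission-sdk-23")

# Constructed sample manifests (not taken from any real app or SDK).
APP_MANIFEST = b"""<manifest package="com.example.app"
    xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""
LIB_MANIFEST = b"""<manifest package="com.example.sdk"
    xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
</manifest>"""

def build_sample_aar():
    """Build a minimal in-memory AAR holding only the library manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", LIB_MANIFEST)
    return buf.getvalue()

def declared_permissions(manifest_xml):
    """Return the set of permission names a manifest requests."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for tag in PERMISSION_TAGS
            for el in root.iter(tag) if el.get(NAME_ATTR)}

def audit(app_manifest_xml, aar_bytes):
    """Compare the app's permissions with those the AAR declares."""
    with zipfile.ZipFile(io.BytesIO(aar_bytes)) as zf:
        lib = declared_permissions(zf.read("AndroidManifest.xml"))
    app = declared_permissions(app_manifest_xml)
    return {
        # Merged into the final manifest by the library itself.
        "added_by_library": sorted(lib - app),
        # Held by the app, so usable by library code although undeclared.
        "inherited_undeclared": sorted(app - lib),
    }

if __name__ == "__main__":
    for kind, perms in audit(APP_MANIFEST, build_sample_aar()).items():
        print(kind, perms)
```

The `inherited_undeclared` list is the exposure the question describes: nothing at runtime separates those grants from the library's classes, so the list is input for deciding whether to ship the library, not a control.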