Android Content Providers - Is it possible to restrict the provider to a set of applications not written by me?

Question

When it comes to securing a content provider, I was wondering if there was a step between normal permission level security and signature level security.

I have an application using a provider that I would like to expose to a particular set of other applications. However, those select other apps will not be written by me, so using a signature level permission won't suffice since the signatures would be different.

Also, if I use a normal permission for the provider, and if the consuming application does not have that permission and throws a SecurityException, the logged exception says the name of the required permission, so the consuming app can simply add that permission to its Manifest and gain access to circumvent the permission.

Is there a way I could only allow other applications access to the provider at runtime?

Thanks.

Answer 1

One solution off the top of my head might be to wrap your content provider in a Service. This way queries come through as intents or through a binder. You can restrict the intents by checking the package name, which I think is harder fake if the app came through the app market.

I think you're asking the impossible though. Any attempt at this kind of security can be circumvented on rooted phones.

Answer 2

I do not know precisely but I think that you can use Binder.getCallingUid() function in your ContentProvider. Using this method you can check the Uids of the calling applications and restrict the usage of your CP basing on application UID.

Update: During the installation Android OS assigns UID to the installing application. So UIDs can be different on different devices. But the package name of the application is the same across all devices. But if I know which package can read your data I can simply spoof it.