Thoughts on BroadCastReceiver security

Source: Internet
Author: User

Please respect the original work: http://blog.csdn.net/yuanzeyao/article/details/38948863

BroadCastReceiver is one of the four major Android components; it is widely used and simple to work with. However, a security issue is usually overlooked when using it. Others can easily decompile our app, find the broadcasts it listens for, and then send those broadcasts to the app over and over. That is obviously something we don't want, so how do we keep a receiver registered in our application from responding to broadcasts sent by other applications? Before solving this problem, let's look at how a broadcast is sent.


There are two ways to send a broadcast in Android: explicit and implicit.

Explicit:

    Intent intent = new Intent(this, MyBroadCastReceiver.class);
    this.sendBroadcast(intent);

An explicit broadcast names the receiver it is meant for. In the example above, that receiver is MyBroadCastReceiver.

Implicit:

    Intent intent = new Intent("com.demo.action");
    this.sendBroadcast(intent);

An implicit broadcast is matched to receivers by its action. Any receiver whose filter matches the action will respond.


With explicit broadcasts, a receiver rarely responds to another app's broadcast unless someone attacks it deliberately. With implicit broadcasts, however, the problem above is very likely to occur: action strings can easily be identical, and once they are, the receiver responds to broadcasts it was never meant to handle.


The solution is as follows:

Solution 1:

In your own application, set the exported attribute to false when registering the receiver in the manifest (AndroidManifest.xml), as shown below:

    <receiver android:name="com.baroad.demo.MyBroadCastReceiver" android:exported="false">
        <intent-filter>
            <action android:name="com.demo.action"/>
        </intent-filter>
    </receiver>

After this attribute is added, the receiver will not respond to broadcasts from outside the application.


Solution 2:

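Custom permission: declare a custom permission in the manifest (AndroidManifest.xml), and then require that permission on the BroadCastReceiver that responds to the broadcast.

    <permission
        android:name="com.yzy.permission.STARTBROAD"
        android:protectionLevel="normal"/>

Then require the permission declared above on the BroadCastReceiver. Note that a permission with protectionLevel "normal" is granted to any app that requests it in its own manifest; only "signature" limits senders to apps signed with the same certificate.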

    <receiver android:name="com.baroad.demo.MyBroadCastReceiver"
        android:permission="com.yzy.permission.STARTBROAD">
        <intent-filter>
            <action android:name="com.demo.action"/>
        </intent-filter>
    </receiver>

Solution 3:

The first two solutions are both configured on the receiving side. The third is configured on the sending side: the sender specifies the package in which its broadcast is valid.

    Intent intent = new Intent("com.demo.action");
    intent.setPackage("com.two.demo");
    this.sendBroadcast(intent);

Solution 4:

Use LocalBroadcastManager, which delivers broadcasts only within your own application:

    private LocalBroadcastManager mLocalBroadcastManager;
    private BroadcastReceiver mReceiver;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);

        IntentFilter filter = new IntentFilter();
        filter.addAction("com.demo.action");
        mReceiver = new MyBroadCastReceiver();
        mLocalBroadcastManager = LocalBroadcastManager.getInstance(this);
        mLocalBroadcastManager.registerReceiver(mReceiver, filter);
    }

    public void start(View view) {
        mLocalBroadcastManager.sendBroadcast(new Intent("com.demo.action"));
    }

    @Override
    protected void onDestroy() {
        mLocalBroadcastManager.unregisterReceiver(mReceiver);
        super.onDestroy();
    }

That is all for this introduction. With the four solutions above, you can keep your application from responding to broadcasts sent by other applications.


 
