Android Learning 14 Explore security and permissions

Source: Internet
Author: User

1. Deployment security: The application must use a digital certificate to install to the device.

2. Security during execution: 2.1 Using stand-alone process 2.2 using a fixed unique user ID 2.3 Declaration of Rights Model 3 digital certificate 3.1. Usefulness of digital certificates: using digital certificates to sign an appPrevents the application from being updated illegally (only the same digital certificate can be updated) 3.2. Digital certificates: Artifacts that contain information such as company name and address.   Important features include (signature and public/private key).   3.3. Acquisition of digital certificates: A. Purchase from a certification Authority B. Generate using tools such as Keytool.   3.4 Storage of digital certificates: stored in the KeyStore, with aliases, represented in the KeyStore with aliases. 3.5 Certificate Generation Command Keytool-genkey-v-keystore "C:\android\release\release.keystore"

-alias androidbook-storepass paxxword-keypass paxxword-keyalg RSA
-validity 14000

Validity period Google requires more than 14,000 days, if it fails, the app can continue to use, but to update and other building activities will be error. 3.6 The certificate update must match the previous certificate.
4. Sign the application: 4.1 Three elements: Digital certificate, APK, the use of a digital certificate to the APK file (you can use Jarsigner in the JDK) 4.2 5. The default signing certificate used for debugging cannot be used for production deployments because it is valid for only 365 days. 6.android requires that updates to the app and program be signed with the original signature. 7. To improve operational efficiency, the Android view maps the uncompressed data in the app to Memory Mmap (), but the premise is that the data in the app is byte aligned, so it's best to align the app before publishing it to the device. The SDK provides tools that can be executed at the command line: >zipalign-v 4 old.apk new.apk Check reconciliation >zipalign-c-V 4 afinaltest_align.apk 8. Boundary Security: Standalone The user ID and the independent process, guaranteeing the boundary. To apply a direct resource share, it must be displayed. 9. The required permissions must be declared in the description file, and when the installation is applied, the user can decide whether to allow these permissions, and if not, any unauthorized operations will fail. 10. Common permissions 11. Add a permission Request method <manifest ... >

<application>
...
</application>
<uses-permission android:name= "Android.permission.CAMERA"/>
<uses-permission android:name= "Android.permission.READ_CONTACTS"/>
<uses-permission android:name= "Android.permission.READ_CALENDAR"/>
</manifest>

12. Customizing permissions<PermissionAndroid:protectionlevel = "Normal"Android:label= "Start My Activity"android:description= "@string/startmyactivitydesc"Android:name= "Dcm.permission.STARTMYACTIVITY" ></Permission>   use a custom authorization to control the invocation permissions of an activity       <Activity Android:name= "Privactivity" android:permission = "Dcm.permission.STARTMYACTIVITY"> <Intent-filter >                <Action Android:name= "Android.intent.action.MAIN" />        </Intent-filter>    </Activity >    Request Custom permissions      < uses-permission Android:name = "Dcm.permission.STARTMYACTIVITY" />12.URI permission-passing apps can pass ContentProvider permissions, while ContentProvider's permissions are presented through URIs. If an app wants to pass permissions to another app, it can do the following, provided the appropriate permissions are required to deliver the permission. Intent Intent = new Intent (Intent.action_view);
Intent.setdata (Contenturi);
Intent.addflags (intent.flag_grant_read_uri_permission);
StartActivity (Intent);

Android Learning 14 Explore security and permissions

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.