Home > Developer > Android

Android component security

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Android component security

1. Activity, Service, BroadcastReceiver, and ContentProvider are four major components of Android. Their security is very important. The security vulnerabilities of the four major components mainly focus on whether external calls are allowed and whether external calls are at risk.

Whether the four components can be called externally depends on the Boolean value of the tag export of the four components defined in AndroidManifest. xml. As follows:

 

 

If export is true, PartActivity can be called externally. If the value of export is false, PartActivity cannot be called externally.

 

We noticed that when defining the four major components, we often do not write the export label. What is the default export of the system?

(1) If the four components contain intent-filter, the Android system considers that this component can be implicitly called by the outside, so the default export is true.

 

 

(2) If the four components do not contain the intent-filter, the Android system considers that the component value can only be explicitly called internally, so the default export is false.

 

2. To increase the security of four components, you can define that a permission is required to access a component.

 

 

  android:permission=com.example.test.permission
If you need to use it, it must be in AndroidManifest. xml. You can apply for permissions, and also pay attention to protectionLevel. If it is Signature, only applications with the same private key Signature can apply for this permission.

 

 

 

 


3. Use Intent to start different components as follows:

 

Component name

Method Name

Activity

StartActivity ()

StartActivityForResult ()

Service

StartService ()

BindService ()

Broadcasts

SendBroadcast ()

SendOrderedBroadcast ()

SendStickyBroadcast ()

SendBroadcast has a method that does not need to be declared in AndroidManifest. xml. uses-permission; permissions attached to sending directly, sendBroadcast (intent, receiverPermission ). Dynamically registered referers can specify the permissions required to access them in the code.

 

4. ContentProvider Security

 
To read contentProvider, you must apply for readPermission. To write contentProvider, you must apply for writePermission.

 

 

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
sca component security credentials android android biometric security security certificate android android fingerprint security android november security update android security pin
Related Article
Android's approach to using Bytebuffer in JNI
Deep Learning Application Series (iii) | Build your own image...
Android and JS call each other

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More