Security of the broadcast

Security of the broadcast

Local Broadcast:app in-app broadcast (app app is bounded by app app)

Broadcasts in Android can communicate across processes and even across apps, and registration is exported the default value is true for intent-filter cases, which can potentially have security implications as follows:

1. Other apps may have targeted broadcasts that match the current app Intent-filter, causing the current app to receive broadcasts and process them continuously;

2. Other apps can register intent-filter that are consistent with the current app to receive broadcasts and get broadcast specific information.

In either case, these security risks are real. As a result, the most common scenarios for increasing security are:

1. For sending and receiving broadcasts within the same app, the exported attribute is artificially set to false so that the broadcast is not received within the app;

2. When the broadcast is sent and received, the corresponding permission are added for authorization verification;

3. When sending a broadcast, specify the package name of the particular broadcast receiver, specified by Intent.setpackage (PackageName), so that the broadcast will only be sent to a valid broadcast receiver within the app that matches it in the package.

App-in-app broadcasts can be interpreted as a form of partial broadcast, where both the sender and receiver of the broadcast belong to an app. In real business needs, app-in-app broadcasts may actually need to be used. At the same time, the use of in-app broadcasts, rather than the form of global broadcasts, is more about security issues in the Android broadcast mechanism.

In contrast to global broadcasts, the app in-app broadcast benefits are:

1. Higher security;

2. More efficient.

To this end, the Android V4 Compatibility Pack gives the encapsulated Localbroadcastmanager class for unified handling of broadcast issues within the app, almost the same way as the usual global broadcasts, just registering/ When you unregister a broadcast receiver and send a broadcast, the keynote context becomes a single instance of Localbroadcastmanager.

Registerreceiver (Mbroadcastreceiver, intentfilter);//Register in-app broadcast receiver Localbroadcastmanager = Localbroadcastmanager.getinstance (this); Localbroadcastmanager.registerreceiver (Mbroadcastreceiver, Intentfilter);        Unregisterreceiver (mbroadcastreceiver);//unregister the in-app broadcast receiver Localbroadcastmanager.unregisterreceiver ( Mbroadcastreceiver); Intent Intent = new Intent (); intent.setaction (broadcast_action); Intent.putextra ("Name", " Qqyumidi ");//sendbroadcast (intent);//Send in-app broadcast localbroadcastmanager.sendbroadcast (intent)    ;

Security of the broadcast