Security of the broadcast

Source: Internet
Author: User

Security of the broadcast

Local Broadcast:app in-app broadcast (app app is bounded by app app)

Broadcasts in Android can communicate across processes and even across apps, and registration is exported the default value is true for intent-filter cases, which can potentially have security implications as follows:

1. Other apps may have targeted broadcasts that match the current app Intent-filter, causing the current app to receive broadcasts and process them continuously;

2. Other apps can register intent-filter that are consistent with the current app to receive broadcasts and get broadcast specific information.

In either case, these security risks are real. As a result, the most common scenarios for increasing security are:

1. For sending and receiving broadcasts within the same app, the exported attribute is artificially set to false so that the broadcast is not received within the app;

2. When the broadcast is sent and received, the corresponding permission are added for authorization verification;

3. When sending a broadcast, specify the package name of the particular broadcast receiver, specified by Intent.setpackage (PackageName), so that the broadcast will only be sent to a valid broadcast receiver within the app that matches it in the package.

App-in-app broadcasts can be interpreted as a form of partial broadcast, where both the sender and receiver of the broadcast belong to an app. In real business needs, app-in-app broadcasts may actually need to be used. At the same time, the use of in-app broadcasts, rather than the form of global broadcasts, is more about security issues in the Android broadcast mechanism.

In contrast to global broadcasts, the app in-app broadcast benefits are:

1. Higher security;

2. More efficient.

To this end, the Android V4 Compatibility Pack gives the encapsulated Localbroadcastmanager class for unified handling of broadcast issues within the app, almost the same way as the usual global broadcasts, just registering/ When you unregister a broadcast receiver and send a broadcast, the keynote context becomes a single instance of Localbroadcastmanager.

Registerreceiver (Mbroadcastreceiver, intentfilter);//Register in-app broadcast receiver Localbroadcastmanager = Localbroadcastmanager.getinstance (this); Localbroadcastmanager.registerreceiver (Mbroadcastreceiver, Intentfilter);        Unregisterreceiver (mbroadcastreceiver);//unregister the in-app broadcast receiver Localbroadcastmanager.unregisterreceiver ( Mbroadcastreceiver); Intent Intent = new Intent (); intent.setaction (broadcast_action); Intent.putextra ("Name", " Qqyumidi ");//sendbroadcast (intent);//Send in-app broadcast localbroadcastmanager.sendbroadcast (intent)    ;

Security of the broadcast

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.