Thursday, January 16, 2014

[android-developers] Custom permissions with pre-installed app

Hi,

I'm working with a large phone manufacturer and a SaaS provider and have the following situation:
- The mfr has an app A which is pre-installed as a system app on the phone. It's not particularly privileged other than being pre-installed.
- The SaaS provider has a faceless app B that provides an activity available to app A. (The functionality in B is to enable users of A to purchase content from the SaaS provider).
- The entry activity in app B is "protected" with a custom permission C, with protectionLevel="normal". (I put "protected" in quotes because it's not real security).
- If app B is also pre-installed, there's no problem and A can launch B just fine. This is the way these apps have been shipped to millions of customers already and works fine.
- If app B is not pre-installed but must be downloaded from Google Play, then when A tries to launch B, it receives a SecurityException:
  java.lang.SecurityException: Permission Denial: starting Intent { cmp=com.B/.MainShadowActivity (has extras) } from ProcessRecord{} (pid=1987, uid=10211) requires com.B.permission.START_ACTIVITY

If I create a standalone simulation app D for the exact same Intent that is in app A, I cannot generate this security exception, no matter in what order I install D or B, and whether D is release or debug signed.

Why would a pre-installed app behave differently when launching an intent with a custom permission with protectionLevel="normal"? Is there any way to fix or workaround this problem?

Thanks,
--Me

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
---
You received this message because you are subscribed to the Google Groups "Android Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-developers+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

posted by twitter @ 4:19 PM   0 Comments

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home


Real Estate