Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


This compliant solution shows the permissions set in the manifest that prevent the service shown in the noncompliant code example from being started by an inappropriate application:

Disclaimer: the code below is preliminary. and modifed from an answer from stackoverflow.

Code Block
//base app manifest

<?xml version="1.0" encoding="utf-8"?>
<manifest ...>
    <permission android:name="customPermission" android:protectionLevel="dangerous" ...></permission>
    <application ...>
            ... >
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER" />
            <intent-filter >
                <action android:name="package_name.MyAction" />
                <category android:name="android.intent.category.DEFAULT" />                
//apps who wish to use base app manifest
<manifest ...>
     android:maxSdkVersion=.. />
//in the activities of these apps where we want to use the base-app's activity under protection
Intent in = new Intent();

The above is a general example on how to use custom permission. There are also other types of permissions aside from "dangerous" .  Please note that the order the  of how the apps are started also affect how permission works [Murphy 2011].

Risk Assessment

Failing to protect an exported service with strong permissions may lead to sensitive data being revealed or to denial of service.


TODO: edit code section, add bibliography