On Monday, March 5, 2012 12:21:56 PM UTC-5, Harsha Joshi wrote: > > So there isnt a user defined permission that can be created for > this?. basically when the application is launched the user is prompted > with a message saying this application is using so and so feature. > Similar to the telephony capbility
Sort of - if you package the "library" as an android service in its own apk, running in it's own process under its own UID, then it has various means of restricting who it wants to talk to. This comes at the cost of introducing IPC into all interactions with it - Android has some fairly efficient and minimally painful ways of doing so, but it's still not ideal for all purposes. And again this assumes that your code runs unmodified on an unmodified platform. Putting it in its own apk generally means a potential client apk cannot modify you code without the user's cooperation, but with the user in on the attempt to authorize installation of a patched copy, this separation provides only one more minor hurdle. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To view this discussion on the web visit https://groups.google.com/d/msg/android-security-discuss/-/NLSv6RqmtAEJ. To post to this group, send email to android-security-discuss@googlegroups.com. To unsubscribe from this group, send email to android-security-discuss+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.