You can have some kind of challenge / response function in the service's
interface.
Now, if the service is local ("android:exported=false") then it won't be
available to other applications, so this whole issue doesn't apply -
unless someone decompiles and rebuilds your application. But in that
case, they could disable any validation code in your service and activity.
So keep this scenario in mind - either keep it really simple and just
rely on local service, or implement measures against code changes, like
obfuscation and signature checking.
-- Kostya
04.03.2011 4:17, dnkoutso пишет:
As an added note, I know I can verify from the Service if the
application that is trying to bind is a valid one, I am actually
asking the opposite, how can the application ensure it is bound to the
real service? Perhaps, something with permissions? --
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
--
Kostya Vasilyev -- http://kmansoft.wordpress.com
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
