@Mark That is extremely interesting! Just like you, I assumed that intent extras were private. This begs the question... What to do then to keep intent extras private? Better yet, how should we pass sensitive data in an intent extra in such a way that the data remains secure?
For example, in the OP's question they use the example of a password. Now you can encrypt that password before sending as an intent extra thus any nefarious app would not actually collect the "real" password. However, if the receiving end expects an encrypted password then all the bad app has to do is use the encrypted password string and voila it has access. -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
