I think apk(s) are world readable. Try accessing the other applications
private data location.
On Friday, May 25, 2012 3:31:39 PM UTC+1, Latimerius wrote:
>
> Hi all,
>
> I'm slightly confused about when applications are allowed to access
> other applications' data. I believe I've read all relevant parts of
> the Dev Guide like the "Security and Permissions" article or
> android:sharedUserId and signature-level permissions documentation but
> after running some tests I'm still surprised by what I see.
>
> In particular, I've set up two .apk's. Both are created with Eclipse
> ADT and (I believe) signed with the same debug key but other than
> that, they have nothing (that I'm aware of) in their manifests to make
> them special to each other. In one of them, I use
>
> createPackageContext ("the.other.package.name", 0)
>
> to get the other APK's Context. I use the returned Context to access
> the other APK's assets/ directory the usual way (I call getAssets() to
> retrieve an AssetManager reference which I then use to call open()
> with a file name to get an InputStream).
>
> Now, the part I'm confused about is that it works! ;-) I thought it
> would fail until I introduce sharedUserId, or perhaps use a completely
> different mechanism (like a ContentProvider?).
>
> Am I messing up somewhere, or is this the expected outcome? Or, does
> it work because both applications are (probably - I'm not totally sure
> what Eclipse does behind the scenes while creating and building
> projects) signed with same key? I might also be misreading the Dev
> Guide security docs when they refer to "application data" - does that
> mean stuff in assets/ or res/, or just anything an application writes
> to the SD card (should I say "external storage")?
>
> Also, does it mean anybody can read my assets/ if they know the file name?
>
> Thanks in advance for any insight!
>
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
