On Mon, Jan 12, 2009 at 6:10 AM, rktb <[email protected]> wrote: > But, it does look like the "signing" process did not work as expected > because I am still able to access the a service of this application > from other dummy application.
This has nothing to do with signing. There are a number of things that go into whether one .apk can access a component in another .apk: - Is the component NOT exported? If it isn't exported, you can only access it if both .apks are assigned the same user ID, which will only be the case if they are both signed with the same certificate AND they are both requested the same shared user ID in their manifests. - Is there a permission required to access the component? If so, then only those granted the permission will be allowed to use it. To be granted the permission, they must explicitly request that permission, and whether they get it will depend on the type of permission -- normal ones are always granted, dangerous ones will result in confirmation with the user, and signature ones will only be granted if both .apks are signed with the same certificate. - Otherwise, the .apk can access the component without restriction. -- Dianne Hackborn Android framework engineer [email protected] Note: please don't send private questions to me, as I don't have time to provide private support. All such questions should be posted on public forums, where I and others can see and answer them. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "android-framework" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-framework?hl=en -~----------~----~----~----~------~----~------~--~---
