You can load and use the classes, but they will execute with the permission of your app, not of the app whose code you're borrowing. Or are you saying the code runs as the other app?
Even if Android did stop app A from borrowing app B's code as found on the device, app A (or the developer of A) could still simply download the .apk off Market and borrow it that way. What's the threat you're worried about, exactly? On Oct 28, 2009 11:47 AM, "z" <[email protected]> wrote: As you know you can easily load any classes using this api call //ask for the code of the foreign context to be included and to ignore any security given by the cross-process(owner) execution //in working-environment to error checking ... Context tmpCtxt = createPackageContext("com.google.android.notepad", Context.CONTEXT_INCLUDE_CODE + Context.CONTEXT_IGNORE_SECURITY); Class<?> c = tmpCtxt.getClassLoader().loadClass ("the.name.of.a.package.already.deployed.on.the.device"); //do normal Java-Reflection things with c so does that means anyone can load my code and execute them using reflection? Is there anything that protects android from this kind of attacks?
