I'm trying to write an app that will allow plugins (in the form of JARs with a few classes), but I don't want them to be able to interact with other applications on the device except through my own API. Are there any nice ways of preventing code from broadcasting arbitrary intents? If this isn't realistic at runtime, would a static analysis that just searched for anything involving reflection or constructing an Intent be sufficient?
- [android-security-discuss] Sandboxing plugins? Yuliy Pisetsky
- Re: [android-security-discuss] Sandboxing plugins? Chris Palmer
- Re: [android-security-discuss] Sandboxing plugins... Yuliy Pisetsky
- Re: [android-security-discuss] Sandboxing plu... Chris Palmer
- Re: [android-security-discuss] Sandboxing plugins? Dianne Hackborn
