If your two packages are going to be signed by same key you can use signature based permissions. Just create your own permission and then check that the caller has been granted that permission inside your server. Signature bases permissions will only be granted to packages that are signed with the same key as the package that declared the permission.
Dirk On Tue, Jul 6, 2010 at 3:10 AM, Raj <[email protected]> wrote: > Hi, > > I'm new to android and currently trying to write two simple > applications: a client and a server. > The client sends a hello in an intent (startactivity_for_result) to > which the server responds with a message. > Is there a way for the server to reliably check from the received > intent that the intent was indeed sent by my client and not by some > other application on the phone? I tried different methods, for > instance, to get the package name of the client sending the intent > (since the package name is known to me), but couldn't get this info > from the intent. > > From the android documentation i see that you check only if a > particular intent was granted the necessary permission by Android. > There is nothing about the "identity" of the intent sending app. > > Is there way to authenticate the apps sending intents at the handling > side? > > Cheers, > Raj > >
