Permissions let you check that they are signed with your own cert a lot more efficiently -- just declare a permission in your app that has android:protectionLevel="signature", then require that permission wherever you want to prevent access -- either associated with components in the manifest, or with explicit permissions checks on incoming IPC.
On Fri, Jul 9, 2010 at 4:08 PM, Yuliy Pisetsky <[email protected]>wrote: > You can grab the PID of the remote process, and from there, you can > grab the package on the other end, and from that you can grab the > public key that was used to sign it, and check against what you > expected. > > -Yuliy > > On Tue, Jul 6, 2010 at 3:10 AM, Raj <[email protected]> wrote: > > Hi, > > > > I'm new to android and currently trying to write two simple > > applications: a client and a server. > > The client sends a hello in an intent (startactivity_for_result) to > > which the server responds with a message. > > Is there a way for the server to reliably check from the received > > intent that the intent was indeed sent by my client and not by some > > other application on the phone? I tried different methods, for > > instance, to get the package name of the client sending the intent > > (since the package name is known to me), but couldn't get this info > > from the intent. > > > > From the android documentation i see that you check only if a > > particular intent was granted the necessary permission by Android. > > There is nothing about the "identity" of the intent sending app. > > > > Is there way to authenticate the apps sending intents at the handling > > side? > > > > Cheers, > > Raj > > > > > -- Dianne Hackborn Android framework engineer [email protected] Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them.
