Hi folks, I've already posted this question on StackOverflow so I thought I'd hold off posting here for a few days in the hope I might get some responses on there before cross-posting (http://stackoverflow.com/questions/3760593/implement-signature-level-security-on-android-services-with-more-than-one-allowed). No luck there though.
The problem is as follows: I have an application that has, as part of its purpose, quite a lot of personal data - things like Facebook contacts, chat history, ... This has been all fine up until now, as it's all internally contained, and Android sandboxing protects it from malicious programs.

But I'm developing a new API which will - potentially - allow external applications to access this data directly via a combination of ContentProviders and AIDL. This means that "third party" applications will be able to interface with mine, to do things like sending chat messages, deliver news feeds, ... Obviously though, this has some privacy implications, so I've got to implement a security model, and here lies the issue: I want to implement a signature-level security model (set the "android:protectionLevel" to "signature" in the custom permission object), but this is actually a little too restrictive. Signature level would be fine, except that the whole object of this exercise is to allow other (in-house) teams to develop apps that make use of the (fairly complex) backend. And I don't want to have to sign each one of those with the same key used to compile the main application.

So the question is this: Is there a way to check incoming service connections (AIDL/ContentProvider) for the key that signed them (presumably at runtime using a function like android.os.getSigningKey())? Specifically, I would like to check them against a list of "trusted" keys. This seems to me like a fairly natural extension of the standard signature-level security model; it's converting it from "Only applications signed with my signature may access this service" to "Only applications signed with a signature from my list of trusted signatures may access this service."

Any thoughts or ideas?

Thanks
jelford
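One way to implement the "list of trusted signatures" check the post asks about, as an added example that is not jelford's code and not part of the original thread. It resolves the caller through the Binder calling UID rather than trusting anything the caller passes in, looks up the signing certificates of every package that shares that UID, and compares their SHA-256 digests to an allow-list. The digest values in `TRUSTED_CERT_SHA256` are placeholders, the class name `TrustedSignerCheck` is made up, and the code uses `PackageManager.GET_SIGNATURES`, which was the available API at the time of the post.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Binder;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/**
 * Admits a Binder (AIDL) or ContentProvider call only when every package
 * behind the calling UID is signed exclusively with certificates on an
 * allow-list. Hypothetical helper, not part of any Android API.
 */
public final class TrustedSignerCheck {

    // Allow-list of hex SHA-256 digests of the DER-encoded signing certificates
    // of the in-house keys. PLACEHOLDER values; replace with the real digests,
    // e.g. computed from the .RSA file in each trusted APK's META-INF directory.
    private static final Set<String> TRUSTED_CERT_SHA256 = new HashSet<String>(Arrays.asList(
            "0000000000000000000000000000000000000000000000000000000000000001", // placeholder: key of team A
            "0000000000000000000000000000000000000000000000000000000000000002"  // placeholder: key of team B
    ));

    private final PackageManager pm;

    public TrustedSignerCheck(Context context) {
        this.pm = context.getPackageManager();
    }

    /**
     * Must run on the Binder thread that received the call, and before any
     * Binder.clearCallingIdentity(), so that getCallingUid() still names the
     * remote caller rather than this process.
     */
    public boolean callerIsTrusted() {
        int callingUid = Binder.getCallingUid();
        // Several packages may share one UID (sharedUserId); require all of them to pass.
        String[] packages = pm.getPackagesForUid(callingUid);
        if (packages == null || packages.length == 0) {
            return false;
        }
        for (String pkg : packages) {
            if (!packageIsTrusted(pkg)) {
                return false;
            }
        }
        return true;
    }

    /** True only if every certificate the package is signed with is on the allow-list. */
    boolean packageIsTrusted(String packageName) {
        PackageInfo info;
        try {
            info = pm.getPackageInfo(packageName, PackageManager.GET_SIGNATURES);
        } catch (PackageManager.NameNotFoundException e) {
            return false;
        }
        if (info.signatures == null || info.signatures.length == 0) {
            return false;
        }
        // An APK can carry more than one signer; "any signer matches" would let a
        // package co-signed by an unknown key through, so insist on all of them.
        for (Signature sig : info.signatures) {
            if (!TRUSTED_CERT_SHA256.contains(sha256Hex(sig.toByteArray()))) {
                return false;
            }
        }
        return true;
    }

    /** Hex SHA-256 of a DER-encoded certificate, matching how the allow-list is expressed. */
    static String sha256Hex(byte[] der) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(der);
            StringBuilder sb = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                sb.append(String.format("%02x", b & 0xff));
            }
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 unavailable", e);
        }
    }

    /** Call at the top of each AIDL Stub method or ContentProvider query/insert/update/delete. */
    public void enforceTrustedCaller() {
        if (!callerIsTrusted()) {
            throw new SecurityException("Caller UID " + Binder.getCallingUid()
                    + " is not signed by a trusted key");
        }
    }
}
```

This keeps the `signature` protection level's property (the decision rests on the signing certificate, which only the key holder can produce) while widening "my key" to "any key on the list"; the list itself lives inside the protected app, so an outside package cannot add to it. Comparing full certificate digests rather than anything the caller supplies matters because package names and UIDs are assigned by the system, but only the certificate binds a package to a key. On later Android releases `GET_SIGNATURES` is deprecated in favour of `GET_SIGNING_CERTIFICATES` and `PackageInfo.signingInfo`, which also expose the signing history needed when a trusted team rotates its key.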
