Hi, have you tried it with an implicit Intent? (http://stackoverflow.com/questions/10272699/what-is-the-different-between-explicit-and-implicit-activity-call-in-android). I have not tested it, but eventually getRecentTasks works only with implicit ones.
I also wrote a small test app some days ago: https://github.com/dschuermann/recent-intents/blob/master/src/org/sufficientlysecure/recentintents/RecentIntent.java Regards Dominik On 03.06.2013 08:59, Xiaobo Pan wrote: > hi Maciej and Giancarlo, > > I try to test this kind of leak and build two app, > app A is the target app, has the First/Second Activity and pass a value in > the intent. > app B is the monitor, declare to use the GET_TASKS, try getRecentTask > every 20 seconds. and print to System.out. > but I can only get the Intent to start First activity, and I can't get the > Intent to start Second activity. > Is there anything wrong in my code ? > > <https://lh4.googleusercontent.com/-N-GbOF83oUQ/Uaw-Ag7RzmI/AAAAAAAAC5I/us220jkAAMU/s1600/ss.png> > my test environment is android 2.3 emulator. here is the source > app A > public void onCreate(Bundle savedInstanceState) { > super.onCreate(savedInstanceState); > setContentView(R.layout.main); > Intent intent = new Intent(this, Second.class); > intent.putExtra("a", "b"); > startActivity(intent); > } > > app B > public void onCreate(Bundle savedInstanceState) { > super.onCreate(savedInstanceState); > setContentView(R.layout.main); > final ActivityManager am = (ActivityManager) > getSystemService(ACTIVITY_SERVICE); > Timer timer = new Timer(); > timer.schedule(new TimerTask() { > > @Override > public void run() { > for (RecentTaskInfo ti : am.getRecentTasks(999, 0)) { > System.out.println(ti.origActivity + " -> " + > ti.baseIntent); > } > } > }, 20000, 20000); > } > > BR, > b0b > > On Tuesday, May 14, 2013 5:24:21 AM UTC+8, Giancarlo Capone wrote: >> >> Hello* *Maciej Górski, >> I know this is a common problem. This issue has been resolved by Google >> since Android 4.1.1: in fact from this version on, they have introduced a >> new class that allows you to retrieve data (ActivityManager.RecentTaskInfo) >> that doesn't allow you to get "extras" from other applications. >> In my opinion if you want to pass data in such a secure way between two >> activity, you can pass crypted data or you can only pass a kind a simple >> variable (for example an Integer or a String) and in the second activity >> you can retrieve data from a Db or from the shared preferences. >> >> Let's consider that you want to send the number of a credit card from >> FirstActivity to SecondActivity. >> Now in FirstActivity you can save the number of the credit card in a Db >> or using a SharedPreference, then you can pass to SecondActivity a number >> or a string that has no real meaning (for example you can pass the name >> used to save the sharedPreferences). In the SecondActivity, you receive >> that String and you can retrieve the number of the credit card from the >> sharedPreferences you have saved or from the Db. In this way no data >> passing from one activity to another can be read by other applications . >> I hope this is useful for you. >> * >> * >> Il giorno sabato 11 maggio 2013 21:29:53 UTC+2, Maciej Górski ha scritto: >>> >>> Hello everybody, >>> >>> I've noticed that when an application has GET_TASKS permission it can >>> retrieve the data sent between two Activities in other application, where >>> second Activity is not exported like in this example: >>> >>> <activity android:name=".FirstActivity" > >>> <intent-filter> >>> <action android:name="android.intent.action.MAIN" /> >>> >>> <category android:name="android.intent.category.LAUNCHER" >>> /> >>> </intent-filter> >>> </activity> >>> <activity android:name=".SecondActivity" /> >>> >>> somwhere in FirstActivity: >>> >>> Intent intent = new Intent(this, SecondActivity.class); >>> intent.putExtra("any_key", "any_value"); >>> startActivity(intent); >>> >>> any_key + any_value pair can be read from application that has GET_TASKS >>> permission. >>> >>> Does that mean we should not send sensitive data between exported and >>> private Activity? >>> >> >
signature.asc
Description: OpenPGP digital signature
