Geek asks and answers

Android: check intent sender ID

I work for a company that releases several applications, but not all of these applications have the same signature or more, we have at least 5-6 application certificates.

We tried to create a mechanism in which all companion applications on the same device will be the same. For example, if the user installed App A from the application and there is no application, a new identifier will be created, if he now installs application A, application B should have one same identifier as application A (identifier is only the generated UUID type No. 4), etc.

We are using broadcast at the moment, and only applications with our permission can receive this broadcast and send back the identifier with another broadcast (obviously this time). Transmission and responses are protected with our permission at the subscription level, this, of course, does not help, since we have several signatures.

I tried to write a translation and restore the intention, which may have its own protection mechanism, which will not be limited to only one signature, but several, the problem is that things like Binder.getSenderUID () do not work for translations and I get my own uid. it seems that I have no way to get the identity of my snake if he himself does not write down his identifier in the intention that it is NOT something I can trust, because it can be easily faked. Using encryption requires that the applications come with a key on them that is not yet protected, accessing the server for verification takes too much time, and success on the mobile phone is not guaranteed, as it is not 100% sure that there is a network around.

- , \ ? ( , ).

+5
4

...

, , . , - , , , , . Android BroadcastReceivers ( , , bindService), BroadcastReceiver "peekService".

, :

final IBinder[] b = new IBinder[1];
new BroadcastReceiver() { 
    public void onReceive(Context context, Intent intent) {
        b[0] = peekService(context, intent);
    }
}.onReceiver(context, intent);

IMyInterface i = IMyInterface.Stub.asInterface(b[0);

, , .

+2

, ! " , .

, , , .

UID snder, "remote", , IPC AIDL IBInder. Binder, getCallingUid() uid , PackageManager ( , ) , apk.

( , ID) bindService (service, conn, flags) . , , , Bind , , ​​ , . , , ID, , , ID . , Messenger, .

, - .

+4

, , , . , BroadcastReceiver, getCallingActivity(), startActivityForResult().

, "", BroadcastReceiver:

<activity
    android:name=".FauxReceiver"
    android:theme="@android:style/Theme.NoDisplay" 
    android:excludeFromRecents="true"
    android:noHistory="true"
>
    <intent-filter>
        ...
    </intent-filter>
</activity>

: ?

0

I was looking for a way to check the package name of the application that sent the intent received by my intent filter. This activity in my application, which processes the intent filter, requires the intent sender to include its process identifier in the Intent Extras field. After that, my receiving activity can get the associated application package name from the ActivityManager.

Here is an example of the code I found while navigating through StackOverflow.

Constants required for both applications

public static final String EXTRA_APP_ID;
public static final String ACTION_VERIFY = "com.example.receivingapp.action.VERIFY";

Challenging activity

    Intent verifyIntent = new Intent();
    verifyIntent.setAction(Consts.ACTION_VERIFY);
    verifyIntent.putExtra(EXTRA_APP_ID, android.os.Process.myPid());
    // Verify that the intent will resolve to an activity
    if (verifyIntent.resolveActivity(getPackageManager()) != null) {
    startActivityForResult(verifyIntent, Consts.REQUEST_VERIFY);
    } else {
       Log.d(TAG, "Application not found.");
    }

Receiving Application

manifest

        <activity
            android:name="com.example.receivingapp.ReceivingActivity"
            android:label="@string/app_name">
            <intent-filter>
                <action android:name="com.example.receivingapp.VERIFY" />
                <category android:name="android.intent.category.DEFAULT" />
            </intent-filter>
        </activity>

ReceivingActivity

if (getIntent().hasExtra(OnyxCoreConsts.EXTRA_APP_ID)) {
    string appName = null;  
    // Resolve intent
    if (getIntent().getAction().equals(ACTION_VERIFY) {    
         int appPid = getIntent().getIntExtra(EXTRA_APP_ID, -1);
         if (-1 != mAppPid) {
             appName = Utils.getAppNameByPID(mContext, mAppPid);
         }
         if (null != appName && !"".equalsIgnoreCase(appName)) {
              // Do something with the application package name
         }
    }
}

Utils class

public static String getAppNameByPID(Context context, int pid){
        ActivityManager manager = (ActivityManager) context.getSystemService(Context.ACTIVITY_SERVICE);

        for (RunningAppProcessInfo processInfo : manager.getRunningAppProcesses()) {
            if (processInfo.pid == pid) {
                return processInfo.processName;
            }
        }
        return "";
    }
-1
source

More articles:


All Articles