Android: validate the identity of intent sender

Question

I work in a company that produces several apps. Not all of those apps have the same signature; or rather, we have at least 5-6 app certificates for the time being.

We tried to create a mechanism in which all the company's apps on the same device share the same ID. For example, if the user installed App A from the market and no app is installed, a new ID will be generated; if he now installs App A, app B should have the same ID as App A (the ID is just a generated UUID type #4), etc...

We are using broadcasts at the moment, and only apps with our permission can receive that broadcast and send back the ID with another broadcast (explicit this time). The broadcast and the responses are protected with our permission with signature level; this is of course not helping since we have more than one signature.

I tried to write an intent broadcast and receiver that can have its own mechanism of protection that will not be limited to only one signature but several. The problem is that things like Binder.getSenderUID() don't work for broadcasts, and I get my own UID. It looks like I have no way to get the identity of my sender unless he himself writes his ID in the intent, which is NOT something I can trust, as it can be easily faked. Using encryption requires the apps to come with a key on them, which once more is not secure. Turning to a server for validation takes too much time, and on mobile it is not guaranteed to succeed, since it is not 100% sure there is a network around.

Does anyone have any idea how one can get a validated\secure message from one app to another? (All my apps, but they may have different signatures.)

Recommended answer

Sorry for late response...

Bind takes time, and more importantly, it's asynchronous. However, there is a way to make a synchronous bind, assuming of course the service you attempt to contact is already started at the time. Android allowed for this more for BroadcastReceivers (which are async in nature, and thus can't use normal bindService): a BroadcastReceiver has a "peekService" method.

If you want to use it without listening to a broadcast, you can by doing:

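// Needs android.content.{BroadcastReceiver, Context, Intent} and android.os.IBinder.
// One-element array so the anonymous receiver can hand the binder back out.
final IBinder[] b = new IBinder[1];
new BroadcastReceiver() {
    @Override
    public void onReceive(Context context, Intent intent) {
        // peekService() returns the binder of an already-running service, or null.
        b[0] = peekService(context, intent);
    }
}.onReceive(context, intent);

// b[0] is null if the service is not running; asInterface(null) then returns null.
IMyInterface i = IMyInterface.Stub.asInterface(b[0]);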

Note that you don't bind to the service, so make sure to peek on each use.
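Once the exchange runs over a Binder interface as the answer suggests, the service side can identify its caller with Binder.getCallingUid() and compare the caller's signing certificates against an allowlist that covers all of the company's certificates. This is an added example, not code from the original post; the class name CallerVerifier and the digest placeholders are assumptions.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Binder;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

public final class CallerVerifier {
    // Placeholders: lowercase hex SHA-256 digest of each company signing certificate.
    private static final Set<String> TRUSTED_CERT_SHA256 = new HashSet<>(Arrays.asList(
            "<sha256-of-certificate-1>", "<sha256-of-certificate-2>"));

    /** Call from inside an IMyInterface.Stub method, while handling the incoming call. */
    public static boolean isCallerTrusted(Context context) {
        // Set by the Binder driver, not by the caller. Outside an incoming
        // transaction (e.g. in onReceive) this returns the app's own UID.
        int uid = Binder.getCallingUid();
        PackageManager pm = context.getPackageManager();
        String[] packages = pm.getPackagesForUid(uid);
        if (packages == null || packages.length == 0) return false;
        // A shared UID can hold several packages; require every one to be trusted.
        for (String pkg : packages) {
            if (!isPackageTrusted(pm, pkg)) return false;
        }
        return true;
    }

    private static boolean isPackageTrusted(PackageManager pm, String pkg) {
        try {
            // GET_SIGNATURES is deprecated since API 28; use GET_SIGNING_CERTIFICATES there.
            PackageInfo info = pm.getPackageInfo(pkg, PackageManager.GET_SIGNATURES);
            if (info.signatures == null || info.signatures.length == 0) return false;
            for (Signature sig : info.signatures) {
                if (!TRUSTED_CERT_SHA256.contains(sha256Hex(sig.toByteArray()))) return false;
            }
            return true;
        } catch (PackageManager.NameNotFoundException | NoSuchAlgorithmException e) {
            return false; // fail closed
        }
    }
    private static String sha256Hex(byte[] data) throws NoSuchAlgorithmException {
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(data)) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }
}
```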
