如何保证意向数据,同时在应用程序在发送 [英] How to secure Intent data while sending it across applications
问题描述
我的工作我的Android应用程序的安全性方面的问题。
I am working on the security aspects of my android application.
我想知道,以确保意图数据和演员,而从一个应用程序发送到另一个,以使其他应用程序除了这两个可以窥探它的方式。
I would like to know about the ways to secure the Intent data and extras while sending it from one application to another so that no other application other than these two can snoop it.
之一蛮力的方法是使用Android的加密,解密EN code意图数据,有没有更好的方法来达到同样的?
One of the brute-force approaches would be to use android's encryption-decryption to encode intent data, is there a better way to achieve the same ??
在此先感谢。
推荐答案
正如在其他的答案,但你可以发送一个Intent到一个完全合格的活动,没有任何prevents有人来创建具有相同封装的应用程序
As pointed in the other answers, although you can send an Intent to a fully qualified Activity, nothing prevents someone to create an application with the same package.
您可能要添加一个额外的安全步骤,这个方案:
You might want to add an additional security step to this scheme:
-
首先发送一个挑战意图远程活动(应该例如隐窝您提供了一个随机字符串使用共享的密码,并将其发回给你)
First send a 'Challenge' intent to the remote activity (it should, for example crypt a random string you provided using a shared passphrase and send it back to you)
如果说第一次的安全步骤是确定的,您可以自由使用它的完全限定活动发送未加密的消息,该远程应用程序。
If that first security step is ok, you may freely send unencrypted messages to this remote app by using its fully qualified activity.
这是很蹩脚的安全性放在很可能足以满足您的需求。
This is quite lame security put it's perhaps sufficient for your needs.
请看看下面CommonsWare评论。
Please take a look at CommonsWare comment below.
一个更安全的方式可能是code你的活动作为一个的绑定的服务,保持挑战的一步,但更多的私人通信里面的意思。
One more secure way might be to code your activity as a Bound Service, keeping the Challenge step, but inside a more private communication mean.
这篇关于如何保证意向数据,同时在应用程序在发送的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
