Hi all,
I'm slightly confused about when applications are allowed to access
other applications' data. I believe I've read all relevant parts of
the Dev Guide like the "Security and Permissions" article or
android:sharedUserId and signature-level permissions documentation but
after running some tests I'm still surprised by what I see.
In particular, I've set up two .apk's. Both are created with Eclipse
ADT and (I believe) signed with the same debug key but other than
that, they have nothing (that I'm aware of) in their manifests to make
them special to each other. In one of them, I use
createPackageContext ("the.other.package.name", 0)
to get the other APK's Context. I use the returned Context to access
the other APK's assets/ directory the usual way (I call getAssets() to
retrieve an AssetManager reference which I then use to call open()
with a file name to get an InputStream).
Now, the part I'm confused about is that it works! ;-) I thought it
would fail until I introduce sharedUserId, or perhaps use a completely
different mechanism (like a ContentProvider?).
Am I messing up somewhere, or is this the expected outcome? Or, does
it work because both applications are (probably - I'm not totally sure
what Eclipse does behind the scenes while creating and building
projects) signed with same key? I might also be misreading the Dev
Guide security docs when they refer to "application data" - does that
mean stuff in assets/ or res/, or just anything an application writes
to the SD card (should I say "external storage")?
Also, does it mean anybody can read my assets/ if they know the file name?
Thanks in advance for any insight!
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
