Hi,
I'm working with a large phone manufacturer and a SaaS provider and have
the following situation:
- The mfr has an app A which is pre-installed as a system app on the phone.
It's not particularly privileged other than being pre-installed.
- The SaaS provider has a faceless app B that provides an activity
available to app A. (The functionality in B is to enable users of A to
purchase content from the SaaS provider).
- The entry activity in app B is "protected" with a custom permission C,
with protectionLevel="normal". (I put "protected" in quotes because it's
not real security).
- If app B is also pre-installed, there's no problem and A can launch B
just fine. This is the way these apps have been shipped to millions of
customers already and works fine.
- If app B is not pre-installed but must be downloaded from Google Play,
then when A tries to launch B, it receives a SecurityException:

    java.lang.SecurityException: Permission Denial: starting Intent {
    cmp=com.B/.MainShadowActivity (has extras) } from ProcessRecord{}
    (pid=1987, uid=10211) requires com.B.permission.START_ACTIVITY

If I create a standalone simulation app D for the exact same Intent that is
in app A, I cannot generate this security exception, no matter in what
order I install D or B, and whether D is release or debug signed.
Why would a pre-installed app behave differently when launching an intent
with a custom permission with protectionLevel="normal"? Is there any way to
fix or work around this problem?
Thanks,
--Me