Android AIDL security

4

8

Is there any security provided when an application calls a remote service using AIDL? Or is it simply like a malicious application could read the data?

Pilferage answered 6/9, 2012 at 5:58 Comment(0)
3

On Android, one process cannot normally access the memory of another process.

When you bind to applications with an AIDL interface, the system will establish a connection between those processes. Therefore, only those two applications can read the information that is shared via the AIDL interface.

If you want to be sure, you should make an extra check in the onBind(Intent intent), to make sure it's your own application that is connecting.

Tip: read the first part of this page: http://developer.android.com/guide/components/aidl.html

Lettie answered 6/9, 2012 at 6:52 Comment(3)
Could you please elaborate on the "extra check in onBind()"? Say I have a remote service in a system application signed with the platform signature. I have my own regular app signed by me, and would like to be certain the service will only accept a bind from my app. How can I guarantee this? - Phthalein
The best thing is to create a permission and check with the getCallingUid() call if that package has the right permission to bind. - Lettie
#12919231 - Ingeringersoll
1

You could always filter in your methods to restrict the packages that are allowed. Throw a SecurityException if the package does not have permission.

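// Packages that share the UID of the process making this Binder call.
Collection<String> callingPackages = getCallingPackages();

// Reject the call when the UID cannot be resolved or the expected package is absent.
if (callingPackages == null || !callingPackages.contains("yourpackagename")) {
    throw new SecurityException("Calling package is not allowed to use this service");
}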

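And getCallingPackages:

import android.os.Binder;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;

private Collection<String> getCallingPackages() {
    // UID of the process that sent the Binder transaction currently being handled.
    int caller = Binder.getCallingUid();
    String[] packages = mContext.getPackageManager().getPackagesForUid(caller);
    // getPackagesForUid() returns null when no package maps to the UID (for example root, UID 0).
    return packages == null ? Collections.<String>emptyList() : Arrays.asList(packages);
}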
Liquidate answered 6/9, 2012 at 6:23 Comment(0)
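The permission check suggested in the comments above and the package filter from this answer can be combined inside the AIDL method itself, where Binder.getCallingUid() identifies the client of the current transaction. This is an added example, not code from any of the posters; IRemoteData, GuardedService and com.example.client are hypothetical names, and my.MyCustomPermission is the permission name used in the manifest answer on this page.

```java
import android.app.Service;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.os.Binder;
import android.os.IBinder;
import java.util.Arrays;

public class GuardedService extends Service {
    // Permission name taken from the manifest answer on this page.
    private static final String PERMISSION = "my.MyCustomPermission";
    // Hypothetical client package; replace with the app allowed to call in.
    private static final String ALLOWED_PACKAGE = "com.example.client";

    // IRemoteData is a hypothetical AIDL interface declaring: String readData();
    private final IRemoteData.Stub binder = new IRemoteData.Stub() {
        @Override
        public String readData() {
            // Runs on a Binder thread, so the calling identity is the client's.
            enforceCaller();
            return "data for authorized callers only";
        }
    };

    private void enforceCaller() {
        // 1. The caller must hold the custom permission.
        if (checkCallingPermission(PERMISSION) != PackageManager.PERMISSION_GRANTED) {
            // SecurityException is marshalled back to the client over Binder.
            throw new SecurityException("Caller lacks " + PERMISSION);
        }
        // 2. The caller's UID must map to the expected package.
        int uid = Binder.getCallingUid();
        String[] packages = getPackageManager().getPackagesForUid(uid);
        if (packages == null || !Arrays.asList(packages).contains(ALLOWED_PACKAGE)) {
            throw new SecurityException("UID " + uid + " is not " + ALLOWED_PACKAGE);
        }
    }

    @Override
    public IBinder onBind(Intent intent) {
        return binder;
    }
}
```

A package name only identifies an installed app; it does not prove who published it. Declaring the permission with android:protectionLevel="signature" is what ties the caller to a signing key.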
1

Example of securing a service by signature: by using android:protectionLevel="signature", only apps signed with the same signature (same keystore) can bind to your service.

AppServer AndroidManifest.xml

<manifest ...>

    <permission
        android:name="my.MyCustomPermission"
        android:protectionLevel="signature" />

    <application
        ...>

        <service
            ...
            android:permission="my.MyCustomPermission">
            ...
        </service>
    </application>

</manifest>

AppClient AndroidManifest.xml

<manifest ...>

    <uses-permission android:name="my.MyCustomPermission"/>

    <application
        ...>
    </application>

</manifest>
Immolation answered 28/1, 2021 at 2:55 Comment(0)
0

Also, when making the service connection to the remote service, specify the package name of the app where the service is running.

Like this:

// Explicit target package: only the service in com.android.vending can answer this bind.
Intent serviceIntent = new Intent("com.android.vending.billing.InAppBillingService.BIND");
serviceIntent.setPackage("com.android.vending");
bindService(serviceIntent, mServiceConn, Context.BIND_AUTO_CREATE);

Caution: To ensure that your app is secure, always use an explicit intent when starting a Service and do not declare intent filters for your services. Using an implicit intent to start a service is a security hazard because you cannot be certain of the service that will respond to the intent, and the user cannot see which service starts. Beginning with Android 5.0 (API level 21), the system throws an exception if you call bindService() with an implicit intent.

Gourley answered 27/2, 2017 at 13:43 Comment(0)
