Android IPC and ContentProvider differences

I am trying to decide the best approach to expose encrypted content stored on the phone to 3rd party apps. The content is sensitive and needs to be protected so only certain apps can access it. The approaches I'm investigating are IPC and Content Provider. Below is what I believe to be some of the pros and cons of both for my situation.

IPC - Pros

  • Flexible response types to client. Different error codes and levels of restricted access can be returned

IPC - Cons

  • More complicated to implement than Content Provider

  • Would have to write own way of securing access to content.

Content Provider - Pros

  • Easy to implement

  • Easy to secure access by making provider definition permission: protectionLevel=signature

Content Provider - Cons

  • To secure access, the Content Provider's key signature must be shared with 3rd party app which isn't ideal.

  • Limited flexibility in results types returned. Content Provider returns only a Cursor object for the columns that were queried.


Are there any major differences in performance and battery?
Can either execute asynchronously?
Any other comments/suggestions to the list?

Insectile answered 30/6, 2011 at 11:43 Comment(0)

> Easy to secure access by making provider definition permission: protectionLevel=signature

That only works if you are the only firm using the content provider.

> To secure access, the Content Provider's key signature must be shared with 3rd party app which isn't ideal.

I would describe this more as "may meet the medical definition of 'insanity'". Your third parties will be able to modify your "secure" data, forge applications as having been published by you, leak your signing key to malware authors, etc.

> Content Provider returns only a Cursor object for the columns that were queried.

You can use the file-based content provider API in addition to, or instead of, the Cursor-based content provider API. See methods like openInputStream() on ContentResolver.

> Are there any major differences in performance and battery?

Not especially.

> Can either execute asynchronously?

Both can, though personally I find it a bit easier with services.

> Any other comments/suggestions to the list?

Permissions work equally well with services and content providers, but I wish to re-emphasize that you should never be sharing your signing key with third parties, except perhaps at gunpoint.

Alisonalissa answered 30/6, 2011 at 12:54 Comment(3)
Thanks for your comments commonsware! – Insectile
Perhaps I should ask in a separate question, but is there another alternative I should consider for exposing my content? Could I use a simple Intent based form of communication instead? If so, how would I do this? And any pros/cons to this technique? – Insectile
@Dom: Yes, you could have a service receive commands via onStartCommand() and send results back via a Messenger or something as an Intent extra on the command. It does not change the security characteristics. – Alisonalissa

I cannot answer your full question, but I can address the key sharing part. Your APK is signed with the public part of your public/private key pair. It may be possible to attach your public key to another app to pretend to be your app, but someone would need to have your private key to upload an app in your name by using your public key.

> A public-key certificate, also known as a digital certificate or an identity certificate, contains the public key of a public/private key pair, as well as some other metadata identifying the owner of the key (for example, name and location). The owner of the certificate holds the corresponding private key.

> When you sign an APK, the signing tool attaches the public-key certificate to the APK. The public-key certificate serves as a "fingerprint" that uniquely associates the APK to you and your corresponding private key. This helps Android ensure that any future updates to your APK are authentic and come from the original author.

(from https://developer.android.com/studio/publish/app-signing.html )

Also, it is my understanding from how it is worded that the other applications share their keys with your app and not the other way around. The signature level protection is also not necessary if you can make use of one of the other settings. According to https://developer.android.com/guide/topics/manifest/permission-element.html#plevel you can choose to set the app to one of 4 different protection levels. Most apps do not contain data that is sensitive enough to require the “dangerous” setting, so normal would likely work for most applications.

Also, your app’s signature (public key) is already exposed through the methods available in the PackageManager class. I looked extensively through the Android developer pages and read through a very helpful answer to another post to find this. It appears that any app can get your app’s public key through the method described here: "Android content provider protection level & different keys" by CommonsWare.

Mediation answered 23/4, 2017 at 7:12 Comment(0)
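
The PackageManager lookup mentioned in this answer also works from the provider's side: the app that owns the data can check the calling app's signing certificate against an allowlist, so access is limited to certain apps without any signing key being shared. This is an added example, not code from any of the posts; the class name `CallerAllowlist` and the digest value are placeholders, and it assumes API 28+ (`GET_SIGNING_CERTIFICATES`).

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Binder;
import android.os.Process;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.Set;

/** Hypothetical helper (API 28+): admits only callers signed with an allowlisted certificate. */
public final class CallerAllowlist {
    // Placeholder value: lowercase hex SHA-256 of each partner's signing certificate.
    private static final Set<String> ALLOWED_CERTS =
            Collections.singleton("<sha256-hex-of-partner-signing-certificate>");

    /** Call on the binder thread, e.g. first line of query()/openFile() or an AIDL method. */
    public static void enforce(Context ctx) {
        int uid = Binder.getCallingUid();
        if (uid == Process.myUid()) return;              // call from our own app
        PackageManager pm = ctx.getPackageManager();
        String[] packages = pm.getPackagesForUid(uid);
        if (packages == null || packages.length == 0) throw new SecurityException("unknown caller uid " + uid);
        // Packages can share a UID (sharedUserId), so every one of them must pass.
        for (String pkg : packages) {
            if (!signedByAllowedCert(pm, pkg)) throw new SecurityException(pkg + " is not allowlisted");
        }
    }

    private static boolean signedByAllowedCert(PackageManager pm, String pkg) {
        try {
            PackageInfo info = pm.getPackageInfo(pkg, PackageManager.GET_SIGNING_CERTIFICATES);
            if (info.signingInfo == null || info.signingInfo.hasMultipleSigners()) return false;
            Signature[] signers = info.signingInfo.getApkContentsSigners();
            if (signers == null || signers.length != 1) return false;
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(signers[0].toByteArray());
            StringBuilder hex = new StringBuilder();
            for (byte b : digest) hex.append(String.format("%02x", b));
            return ALLOWED_CERTS.contains(hex.toString());
        } catch (PackageManager.NameNotFoundException | NoSuchAlgorithmException e) {
            return false;                                // fail closed
        }
    }

    private CallerAllowlist() {}
}
```

The allowlist holds only digests of the partners' public certificates, which each partner can hand over without exposing a private key.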
