How to restrict content provider data across applications

Asked 25/5, 2011 at 5:46 Answered 25/5, 2011 at 5:58

How can we ensure that certain applications are not able to access my data stored in content provider where in certain other applications can access that? Basically I need to allow some application of my interest to access my data stored in Content Provider but I do not want all the applications to be able to access that data. How can I achieve this?

Thanks.

Famine answered 25/5, 2011 at 5:46 Comment(0)

The easiest way is to protect the content provider with a permission you define. Make it a signature a permission so only apps signed with your certificate are allowed to get it.

See:

http://developer.android.com/guide/topics/security/security.html

http://developer.android.com/reference/android/R.styleable.html#AndroidManifestProvider

http://developer.android.com/guide/topics/manifest/provider-element.html

If doing this based on certificates is not sufficient, you will need to write the permission checks yourself. This is done by calling Binder.getCallingUid() for incoming calls to your applications, and deciding whether the given uid has permission to access your provider. Actually implementing a different policy that is actually secure requires a lot of careful thought and design, though.

Guilford answered 25/5, 2011 at 5:56 Comment(0)

In the AndroidManifest.xml, at the screen with the properties of your ContentProvider, you have two fields:

Read Permission WritePermission

So, you can define secure strings (also it may be path to some file) that are permissions for acces to your ContentProvider.

Applications that want to access your content provider must have that ones added in their UsesPermission elements.

Sherburne answered 25/5, 2011 at 5:58 Comment(1)

what if that read permission string get leaked out and some third party app added it to their manifest also. How provider can avoid such cases – Mcfall 22/2, 2018 at 14:7

Recommended topics

Hot tags