0

I would like to write an Android application (let's call it 'ZX') which communicate with other apps which are unknown in advance.

ZX doesn't want to communicate with all the other apps. It only wants to communicate with apps approved by the user via a ZX-permission. ZX-permissions can be granted and revoked at any time by the user via one of the ZX's activities.

In order to do that, ZX needs to know for sure which app is trying to communicate with it, and in the case of apps connecting for the first time with ZX it needs to display its name (or something else which uniquely identify it) to the user to ask if it should allow it or not.

Questions:

1) How to identify the calling app?

2) What IPC mechanism is recommended for that?

Vincent Cantin
  • 16,192
  • 2
  • 35
  • 57

2 Answers2

1

It's sort of hard to give a great answer to this question because you're being pretty cryptic with the details... However, I'll take a stab at it..

Depending on what "ZX" does, something like the Observer Pattern could work for this. If applications wanted to communicate with ZX they would send ZX a message, adding themselves to a lookup table / list which ZX maintains.

Basically you'd have something like this...

Application AIwishes to communicate with ZX. It sends ZXa message containing information about the application (whatever it is you need, IP Address etc.). This information could go to a function such as addApplication()which makes a new CommApp object storing all relevant information about the application.

ZX could then send AIa unique authentication key which it could use for further communication. This could handle the actual session. Any further communication between the two applications can be authenticated with the unique key. This approach assumes you're using authentication for identification of different apps rather than trying to keep "the bad guys" out.

If you could expand on your actual situation I'd be happy to edit my question to suit your needs more.

Aidanc
  • 6,921
  • 1
  • 26
  • 30
  • @Vincent well, what part of my answer doesn't answer your question? – Aidanc Apr 24 '12 at 17:10
  • That's a useful answer. However, ZX needs to display the user something like "The app AI wants to get access to my ressource K. Allow/Deny?", so it needs to display something to the user which identify the calling app. – Vincent Cantin Apr 24 '12 at 17:12
  • @Vincent Yes, my approach will allow for that. The `addApplication()` function I mentioned could invoke a dialog to the user to allow / deny access. You'd send across the permissions required etc. with the request before `addApplication()` – Aidanc Apr 24 '12 at 17:13
  • What disturbs me here is that AI is providing the information which describes itself. It can say whatever it wants, leaving rooms for identity-spoofing. I would like to know if the Android platform provides a way to let the receiver of the message know which app is calling. btw, which IPC mechanism do you recommend? – Vincent Cantin Apr 24 '12 at 17:18
  • I found this answer which kind of answers my question: http://stackoverflow.com/a/6783661/378979 – Vincent Cantin Apr 24 '12 at 17:40
1

"Using Binder or Messenger is the preferred mechanism for RPC-style IPC in Android. They provide a well-defined interface that enables mutual authentication of the endpoints, if required."

http://developer.android.com/training/articles/security-tips.html#IPC

Klaus Wuestefeld
  • 77
  • 1
  • 2
  • while true, I can't find any actual implementations of this. please provide a source for the implementation where there's mutual auth between sender and receiver. – Dio Jul 03 '15 at 13:49