8

Is there any security provided when an application calls a remote service using AIDL? Or is it simply like a malicious application could read the data?

user567879

4 Answers

3

On Android, one process cannot normally access the memory of another process.

When you bind to applications with an AIDL interface, the system will establish a connection between those processes. Therefore, only those two applications can read the information that is shared via the AIDL interface.

If you want to be sure, you should make an extra check in onBind(Intent intent) to make sure it's your own application that is connecting.

Tip: read the first part of this page: http://developer.android.com/guide/components/aidl.html

Ion Aalbers
  • Could you please elaborate on the "extra check in onBind()"? Say I have a remote service in a system application signed with the platform signature. I have my own regular app signed by me, and would like to be certain the service will only accept a bind from my app. How can I guarantee this? – Android QS Feb 07 '13 at 21:55
  • 1
    The best thing is to create a permission and check with the getCallingUid() call if that package has the right permission to bind. – Ion Aalbers Feb 08 '13 at 07:27
  • https://stackoverflow.com/questions/12918731/how-to-get-application-package-name-or-uid-which-is-trying-to-bind-my-service-fr – Nir Duan Jul 29 '17 at 16:13
1

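You could always filter in your methods to restrict the packages that are allowed. Throw a SecurityException if the package does not have permission.

Collection<String> callingpackages = getCallingPackages();

// Reject callers whose UID does not map to the expected package.
if (callingpackages == null || !callingpackages.contains("yourpackagename")) {
    throw new SecurityException("Caller is not allowed to use this service");
}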

And getCallingPackages

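private Collection<String> getCallingPackages() {
     // UID of the process that sent the current Binder transaction.
     int caller = Binder.getCallingUid();
     if (caller == 0) {
         return null;
     }
     // getPackagesForUid() returns null when no package is associated with the UID.
     String[] packages = mContext.getPackageManager().getPackagesForUid(caller);
     return packages == null ? null : Lists.newArrayList(packages);
 }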
nandeesh
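
An added example (not from any of the answers, and not Android's own code) that enforces the caller check on every call inside the AIDL method, combining the custom permission with the UID-to-package lookup discussed above. The interface `IRemoteService` with a single `getData()` method, the class name `RemoteService` and the package `com.example.client` are assumptions for illustration.

```java
// Added example. IRemoteService (one method: String getData()) is a
// hypothetical AIDL interface; package names are placeholders.
package com.example.server;

import android.app.Service;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.os.Binder;
import android.os.IBinder;

public class RemoteService extends Service {
    // Signature-level permission declared in the server manifest.
    private static final String PERMISSION = "my.MyCustomPermission";
    private static final String ALLOWED_PACKAGE = "com.example.client"; // hypothetical

    private final IRemoteService.Stub binder = new IRemoteService.Stub() {
        @Override
        public String getData() {
            enforceCaller(); // check on every call, before touching any data
            return "sensitive value";
        }
    };

    /** Runs on a Binder thread, so getCallingUid() is the remote caller's UID. */
    private void enforceCaller() {
        int uid = Binder.getCallingUid();
        // Fails for any caller that was not granted the permission.
        if (checkCallingPermission(PERMISSION) != PackageManager.PERMISSION_GRANTED) {
            throw new SecurityException("UID " + uid + " lacks " + PERMISSION);
        }
        // A UID can map to several packages (shared UID), so scan them all.
        String[] packages = getPackageManager().getPackagesForUid(uid);
        if (packages != null) {
            for (String pkg : packages) {
                if (ALLOWED_PACKAGE.equals(pkg)) {
                    return;
                }
            }
        }
        throw new SecurityException("UID " + uid + " is not " + ALLOWED_PACKAGE);
    }

    @Override
    public IBinder onBind(Intent intent) {
        // onBind() is not an incoming Binder transaction: getCallingUid()
        // called here returns this app's own UID, not the client's.
        return binder;
    }
}
```

The SecurityException thrown inside the stub method is marshalled back across Binder and rethrown in the client process.
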
1

Example of securing a service by signature: by using android:protectionLevel="signature", only apps signed with the same signature (same keystore) can bind to your service.

AppServer AndroidManifest.xml

<manifest ...>

    <permission
        android:name="my.MyCustomPermission"
        android:protectionLevel="signature" />

    <application
        ...>

        <service
            ...
            android:permission="my.MyCustomPermission">
            ...
        </service>
    </application>

</manifest>

AppClient AndroidManifest.xml

<manifest ...>

    <uses-permission android:name="my.MyCustomPermission"/>

    <application
        ...>
    </application>

</manifest>
Linh
0

Also, when making a service connection to the remote service, specify the package name of the app where the service is running.

Like this:

Intent serviceIntent = new Intent("com.android.vending.billing.InAppBillingService.BIND");
// Restrict resolution to the package that hosts the service.
serviceIntent.setPackage("com.android.vending");
bindService(serviceIntent, mServiceConn, Context.BIND_AUTO_CREATE);

Caution: To ensure that your app is secure, always use an explicit intent when starting a Service and do not declare intent filters for your services. Using an implicit intent to start a service is a security hazard because you cannot be certain of the service that will respond to the intent, and the user cannot see which service starts. Beginning with Android 5.0 (API level 21), the system throws an exception if you call bindService() with an implicit intent.

Guruji