2

I am looking for the mechanism in Android similar to KeyChain in IOS. Basically I need to be able to share storage data between my "family" of apps. It means that other apps should not be able to access this data. Also this shared storage should exist if any app is uninstalled later. So using app data directory and SharedId is not a solution. Also Shared Prefs is not good for same reason.

Have looked at Content Provider - does not look this is what I need. Also have looked at AndroidKeyStore/KeyChain but looks like this is an absolutely different thing than IOS KeyChain.

Any suggestion?

Leon Bambrick
  • 26,009
  • 9
  • 51
  • 75
user3330596
  • 71
  • 7
  • Android content provider may help you see the docs http://developer.android.com/guide/topics/providers/content-providers.html – mohammed momn Feb 20 '14 at 00:49
  • Why do you feel that you need a family of apps, rather than one app? What is the nature of the "storage data" that you are looking to share between them? – CommonsWare Feb 20 '14 at 00:50
  • To mohammed momn: Thanks. I don't think content provider is for storage data sharing tough also I didn't find that it provides "permission" mechanism to have "family" sharing and not allow other apps. – user3330596 Feb 20 '14 at 02:59
  • To CommonsWare: the data can be anything that entered in app1 but used as in app1, as in app2 as in app3. For example login and password, or personal data or ... – user3330596 Feb 20 '14 at 03:03
  • http://stackoverflow.com/a/6030399/1405008 Refer this shared preference is enough to share global data or http://androiddhamu.blogspot.in/2012/03/share-data-across-application-in.html – CoolMonster Feb 20 '14 at 05:33
  • To CoolMonster: As I said above Shared Prefs solution is not good for me: 1. I can either give access to ANY other app or give access to nobody. I need to be able to give access to MY apps ONLY. 2. Share prefs are deleted when app is uninstalled. – user3330596 Feb 20 '14 at 13:14
  • As a matter of policy, you are not allowed to put anything on the device which will not either be a) removed on uninstall or b) be removable by the end user. Likely you solution will be a combination of either one of the mechanisms for private storage, or encrypted (and perhaps signed) storage in a public location, combined with some mechanism for off-device backup to recover from the uninstall or user-removed-file cases. – Chris Stratton Feb 28 '14 at 20:26
  • Did you get any solution to this ? If so, could you please share the solution ? – Manu Feb 06 '17 at 09:29

1 Answers1

0

I also tried to use KeyChain for this purpose but couldn't find a way. Eventually, I decided to use Content Provider with exported flag set to false and combine a permission attribute to achieve a secured data sharing between two of my apps that shared the same signing key.

This is from the provider attributes docs: https://developer.android.com/guide/topics/manifest/provider-element.html#prmsn

android:exported false: The provider is not available to other applications. Set android:exported="false" to limit access to the provider to your applications. Only applications that have the same user ID (UID) as the provider, or applications that have been temporarily granted access to the provider through the android:grantUriPermissions element, have access to it.... You can set android:exported="false" and still limit access to your provider by setting permissions with the permission attribute.

Gal Rom
  • 6,221
  • 3
  • 41
  • 33