Passing data from one application to the other

Question

What I Have

I have one application A which is fully local and cannot use any INTERNET permission.
Application A needs to have one small important information (say, a license check) from an external server I own
So, I have another license checker application B which has INTERNET connectivity permission and it fetches the license information from the external server

The Problem

I want to pass this data safely and securely from the "license checker application B" to the "base application A". By "safely and securely" I mean that I don't want anyone to get hold of the license data easily. I know theoretically everything can be hacked but I want to make things easy.

The Solutions

I have thought of some solutions but don't know the pros and cons of them.

Writing the information on a file locally (this is easy to hack I guess)
Using a common Shared Preference file with encryption
Using startActivityForResult() and getting the information in onActivityResult() (I think this is the best)

What is the best way to do this? Should I follow one of these or do you have any better and more secure method of communication between two applications?

You can use a web service that communicates with the external server and fetch the data. In order to call the web service securely, you must use Authentication Header passed to the web service before calling it. — A Ghazal, Jul 08 '15 at 14:41
I know how to fetch data from a server. I just want to communicate it from one app to the other. — Aritra Roy, Jul 08 '15 at 14:43
Use a content provider to share data between the two apps. http://developer.android.com/reference/android/content/ContentProvider.html — Daniel Nugent, Jul 08 '15 at 14:44
@DanielNugent Is it safe to use a ContentProvider? Are you sure no other app can use the license data? This data is small and quite important to me. — Aritra Roy, Jul 08 '15 at 14:58
The only way to ensure that is to return encrypted data. You could decrypt it with the client application. The only problem is that someone could decompile your client and figure out how your decryption process works. This could be made more difficult by using a code obfuscation (with ProGuard for example). — ByteWelder, Jul 08 '15 at 15:03
@KenV.H. Thank you so much. What is the problem with the third approach I talked about? Like putting the small data in a Bundle using startActivityForResult(). — Aritra Roy, Jul 08 '15 at 15:10
It's a valid option, but other applications could also start that activity for result. So the encryption suggestion still stands with this example. — ByteWelder, Jul 08 '15 at 15:14
@KenV.H. Yes, I would be doing that then. But about encryption, I need to store the common encryption key in both the apps making the key vulnerable. Anyone can decompile the app (even with ProGuard) and can get the key? Isn't it? — Aritra Roy, Jul 08 '15 at 15:18
Not if you do public/private key encryption: The public and private key are a matched pair, where application A could sign with the public key and application B can decrypt it with the private key. (or vice versa) [edit] That would still leave 1 application vulnerable when it is decompiled of course. — ByteWelder, Jul 08 '15 at 15:28

score 0 · Answer 1 · edited May 23 '17 at 10:26

since the two apps is yous

i would start an activity in A app from B here you can find the below info

Intent intent = new Intent();

intent.setComponent(new ComponentName("com.example", "com.example.MyExampleActivity"));

intent.putExtra("The Key","my key");

startActivity(intent);

and on the activity inside the on create in application A i would check for the coming intent

String data = this.getIntent().getStringExtra("The Key");

I hope this help

Passing data from one application to the other

1 Answers1