0

I've heard that LocalBroadcastManager is potentially insecure and that there are better options to it.

I've an app that uses several of them and I think it's worthwhile to make them more secure in one way, even changing them for an Observable or the like if needed, although if possible I'd prefer to stick with the LocalBroadcastManager.

For my app I'd like that other apps won't be able to read the extra that is put in the Intent with which the LocalBroadcastManager is launched, and from what I know they could make that just by listening to it with the same identifier.

But I think that if the extra I put in the LocalBroadCastManager is encrypted and then decrypted in my activity, all the other apps that would try to read that extra, would only be able to get meaningless data just by listening to it.

Am I right that this would make it secure enough for my app?

user2638180
  • 1,013
  • 16
  • 37
  • 1
    `LocalBroadcastManager` is deprecated; switching to something else is wise for that reason. However, it is private to your app. Do you have links to reputable sources regarding your "potentially insecure" claim? "from what I know they could make that just by listening to it with the same identifier" -- no. The "local" in `LocalBroadcastManager` refers to the fact that "broadcasts" are only sent and received within your process. – CommonsWare Jun 03 '21 at 17:09
  • @CommonsWare, seems I did a bad interpretation done from this: https://stackoverflow.com/a/54264538/2638180, I assumed any component to be any of any possible application. Thanks for your help. – user2638180 Jun 03 '21 at 17:42
  • 1
    My guess is that you are referring to "embraces layer violations in your app; any component may listen to events from any other component". If so, I can understand your confusion. In this case, "component" is just referring to different pieces of your app. The concern outlined in that answer is not about security, but about architecture: with `LocalBroadcastManager`, it was easy to have messy, ad-hoc communications. So, while `LocalBroadcastManager` is not great, security is not one of the problems. – CommonsWare Jun 03 '21 at 17:45

0 Answers0