3

Use Case: Share credentials(example private key) stored in Android Keystore among different applications on the same device signed with different signatures.

I was able to achieve it using the following approach (but I don’t think it is the correct way of doing it):-

  1. Signed the application with the same certificate.
  2. I declared my applications with the same sharedUserId, like:
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.mydomains.myapp"
    android:sharedUserId="com.mydomains.shared.user.id"
    android:sharedUserLabel="@string/appName">

Followed this post on StackOverflow: How to securely share data between two or more applications in android?

Problems:-

  1. sharedUserId is a deprecated property.
  2. It requires the same signature for the apps.

Is there any other way in which we can share credentials stored in Android Keystore b/w apps on the same device?

PS: In my usecase the Android Apps can belong to different organizations but can share a common SDK.

Sachit Sharma
  • 332
  • 1
  • 9

1 Answers1

1

If I understand your question correctly, I believe the KeyChain API would be an appropriate implementation for this use case which can be used to share between apps. For more details: https://developer.android.com/training/articles/keystore#WhichShouldIUse https://developer.android.com/reference/android/security/KeyChain

Hope this helps!

ai_mobileapps
  • 41
  • 2