On May 6, 2:49 pm, Dianne Hackborn <hack...@android.com> wrote:
> [B]e aware that if you do this by sending to a registered broadcast receiver,
> you can cause security holes because other people can also register for the
> broadcast and send a broadcast to your client.

Am I safe by doing the following:

Caller has a class instance BR that extends BroadcastReceiver, but
does not have an entry in the ApplicationManifest.
Caller constructs a PendingIntent using the ComponentName object
referring to the BR class.
At the time of calling startService, the Caller uses
Context.registerReceiver(BR, new IntentFilter()) (thus, if I
understand correctly, with an empty IntentFilter it cannot be selected
by Intent Resolution).
After the service has replied via the PendingIntent, the Caller
unregisters the receiver.

Can I make the BR class non-public to prevent anyone else from forming
an Intent for it?

- John