thanks for the replies... @Yuliy,
how can i get the PID of the calling process from the received intent? I'm afraid i cant find the relevant methods for the steps you mention. Could you point me to the right documentation? @Dirk, Unfortunately, signature based permissions wont fullfill the requirements for my application. The clients accessing my server wont be signed with the same key :-( So I need to know the "identity", which i think in Android's case is the package name with which the clients are installed (I'm assuming no two applications will be allowed to be installed with the same package name in Android - is this correct?). My project is to build a "server" app which can provide a "safe box" for other applications to store some data and retrieve it later on. To make this secure and ensure that "malicious" apps dont get the data from the server app, I need an unforgeable identity for the clients from the Android OS (I cant rely on the clients to give me their real "identity" when requesting for data from the server app). Any ideas how to accomplish this? On Jul 10, 2:35 am, Dirk Sigurdson <[email protected]> wrote: > If your two packages are going to be signed by same key you can use > signature based permissions. Just create your own permission and then check > that the caller has been granted that permission inside your server. > Signature bases permissions will only be granted to packages that are > signed with the same key as the package that declared the permission. > > Dirk > > > > On Tue, Jul 6, 2010 at 3:10 AM, Raj <[email protected]> wrote: > > Hi, > > > I'm new to android and currently trying to write two simple > > applications: a client and a server. > > The client sends a hello in an intent (startactivity_for_result) to > > which the server responds with a message. > > Is there a way for the server to reliably check from the received > > intent that the intent was indeed sent by my client and not by some > > other application on the phone? I tried different methods, for > > instance, to get the package name of the client sending the intent > > (since the package name is known to me), but couldn't get this info > > from the intent. > > > From the android documentation i see that you check only if a > > particular intent was granted the necessary permission by Android. > > There is nothing about the "identity" of the intent sending app. > > > Is there way to authenticate the apps sending intents at the handling > > side? > > > Cheers, > > Raj
