Pre_Lab

Introducing Custom Permission to Broadcast Intent InterApp

Broadcast Intent: Android Studio has a useful feature bind with “BroadcastReceiver” class. It has been used vastly by android developers around the world. Broadcast intents could be sent using intentFiter’s action name and category name attributes. But, it also gives some space to malicious receivers to intercept the data who are having the same action and category name. About 87% of android developers in the world are careless, they don’t concerned about that, data can be received by different receivers using the same action and category name. For example, if a bank’s Android application wants to send the username and password of a client to the server to get access to the intentFilter’s action and category names like “com.example.ACTION_NAME” and “com.example.CATEGORY_NAME” respectively. Then data will be sent to the desired server. But if a malicious application has been installed on the same device having a receiver with the same action and category name attribute inside the intent filter. Data will be received on that malicious application's “onReceive()” method at the same time. See the image given below:

Receiver: Receivers are used in an Android application to receive the intent’s sent through “sendBroadcast(intent)” or “sendBroadcast(intent, permission)” method. We all know that intent carries data, for example, we can send data by a “Bundle” object through an intent. So whenever an intent with data has been sent by “sendBroadcast(intent)” method. Receiver’s having the same action and category name try to get the intent in its “onReceive()” method If the Receiver fires at the same time. Receiver’s can be registered in an application in two different ways. We can declare a receiver in the “manifest.xml” directly. See the code below.

<receiver android:name=".MyReceiver">

<intent-filter>

<action android:name="com.example.ACTION_NAME"/>

<category android:name="com.example.CATEGORY_NAME"/>

</intent-filter>

</receiver>

Copy and paste this code just after the “.MainActivity” attributes inside the application code fragment of manifest.xml file. If the receiver is registered in this way, it would consume more battery power, because in this way receiver fires all the time if the application has not been removed from the backtrack.

There is another way to register a receiver in an application and it is dynamic registration through java code. See the code given below

YourActivity.this.registerReceiver(new BroadcastReceiver() {

@Override

public void onReceive(Context context, Intent intent) {

“Handle the intent object here”

}

},new IntentFilter("com.example.ACTION_NAME"));

Don’t forget to unregister your receiver inside the method like “onPause()”, “onDestroy()” or “onBackPressed()” depend on your use. See the code below to unregister the receiver.

YourActivity.this.unregisterReceiver(“Receivers name”);

Broadcast Intent with Permission: Permission is a useful and very important feature in Android. Using permission it is possible to restrict a lot of things from unwanted activities, receivers, and services. There are so many default permissions in android. We need to use them in the manifest.xml file for a great many things, like to use the internet we must declare the following permission the manifest file “<uses-permission android:name="android.permission.INTERNET"/>”. In the android studio, there is an option called custom declared the permission. That means we can create our customized permission and we can use it in the application to make it more secure from malicious activities. To create a customized permission see the following example

At first create a description string in the “res=>values=>string.xml file see code below

<string name="description">Customised Permission to pass an intent to other application or inter communications.</string>

Now create a label string in the same string.xml file see code below

<string name="label">Customized Permission</string>

Now declare the permission attribute in the manifest.xml file see the code below

<permission

android:name="YourPackageName.permission.CUSTOM_PERMISSION"

android:description="@string/description"

android:label="@string/label"

android:permissionGroup="android.permission-group.PERSONAL_INFO"

android:protectionLevel="dangerous" />

Here “YourPackageName” refers to the package name of the application in which you are going to declare the permission. Now our customized permission is ready to use. To use this permission we need to declare it in the manifest again but in a different way see the code below

<uses-permission android:name="YourPackageName.permission.CUSTOM_PERMISSION"/>

In this way, you can use it in your application and in other applications too in case of Broadcast Receivers.

In android “sendBroadcast(intent,permissionName)” method is the most important one to send intent’s with custom or default permission. Through this method, we can send any intent to our desired receivers that have the same permission in it. This great feature lets us make our applications more secure.