Android Intent Security
I've been working on designing a few Android apps lately, and one of my next experimental a开发者_Go百科dventures is the first to listen to an external Intent: Google Voice. I was wondering about the potential for a malicious user to create another Intent mostly identical to a pre-existing trusted Intent to inject evil code into my app.
Since intents isolate activities from each other (unless you root or there's an as-yet-undiscovered and fairly fundamental defect), they can't inject code into each other. However, any activity you start may of course do whatever is permitted to it according to its manifest.
The primary security countermeasure against malicious apps, whether they communicate by intents or otherwise, is the manifest and user approval at installation. If the user installs an app that processes RecognizerIntent
, that app will be presented as an option to the end user when you attempt to get speech recognition. If the end user selects it, it will be executed. The most it can do with your app is to post results back to your Activity
through your onActivityResult
. You have to decide how much to trust that data (e.g., you may want to ask the user for verification before sending a possibly embarrassing email).
Any security threat model has to take into account what assets you protect, whom and what you trust, and the outside interaction and attack points. When it comes to speech recognition, the worst that can happen under the Android security model is that an external app does its worst on its own (using your app just as a trigger), or that it posts bad speech recognition results back.
精彩评论