What is the use for explicit intents between different applications in Android environment?

2
votes

Discussing about Android Security a question raised and we could not find a reasonable answer (maybe naive questions):

  1. Why does an Android Application declare an activity/receiver/service in the manifest without an intent-filter and with the tag exported=true?
  2. How another application can send an explicit-intent to the receiver declared as above? Please, give a code example if possible.
  3. What are the implications about that?

Example found on Application Manifests: package = "com.google.android.youtube" Application: android:name="com.google.android.apps.youtube.app.YouTubeApplication" Receiver: android:name="com.google.android.apps.youtube.core.player.notification.ExternalPlaybackControllerV14$RemoteControlIntentReceiver" android:exported="true"

1
androidsecurityandroid-intentpermissions

1 Answers

2
votes

An explanation for the example you have given is pretty easy. The example you've given is for a BroadcastReceiver component. This component has android:exported="true" so that it can be called from other components external to the application. A good example of this use is AlarmManager. If the application wants to use AlarmManager to set an alarm, the component which the AlarmManager calls when the alarm goes off must be publicly available. The reason is that AlarmManager must be able to start the component, even if your application is not running. To do that, the component must be declared in the manifest and it must be publicly available (ie: "android:exported="true").

In general, anytime your application creates an explicit Intent, and then passes this Intent (using PendingIntent) to another component that is external to your application, the component in question must be publicly available.

You asked for a code example. Another application could trigger the BroadcastReciever component you've given in the example like this:

Intent intent = new Intent();
intent.setClassName("com.google.android.youtube",
                    "com.google.android.apps.youtube.core.player.notification.ExternalPlaybackControllerV14$RemoteControlIntentReceiver");
sendBroadcast(intent);

Hope this answers all your questions.