Android - Broadcast Receiver - Caller Check

I am writing an Android application where I need to receive some broadcasts sent by the system. I want to make sure the broadcasts are indeed sent by the system. I found this OWASP video .

At 18:00 in the video, the speaker suggests one way to check the broadcast source to use (check his slide):

 Binder.getCallingUid () == Process.SYSTEM_UID

      

I tried to test this in my application, but this API gives me the uid of my own application.

I found this explanation from Dianne Hackborn:

 Binder.getCallingUid() returns the UID of the caller when processing 
 an incoming Binder IPC.  The value that is returned will vary depending 
 on whether you are in the context of dispatching an incoming IPC or 
 something else.

 Also, code will often call Binder.clearCallingIdentity() to clear the 
 calling information after it has verified it so that further operations
 are considered to be coming from the current uid.

      

Also, from the docs :

 Return the Linux uid assigned to the process that sent you the current 
 transaction that is being processed. This uid can be used with 
 higher-level system services to determine its identity and check permissions. 
 If the current thread is not currently executing an incoming transaction, 
 then its own uid is returned.

      

Given these two explanations, API of Binder.getCallingUid

any use in Android component lifecycle events (I tested in onReceive of BroadcastReceiver, onStartCommand of Service)?

If not, why is OWASP asking us to use it?

+3
android android-intent android-broadcast android-binder


source to share


No one has answered this question yet

See similar questions:

0
How do I find out the calling activity for a content provider in Android?

or similar:

3606
Close / hide Android soft keyboard
3295
Why is the Android emulator so slow? How can we speed up the development of an Android emulator?
3288
Correct use cases for Android UserManager.isUserAGoat ()?
2609
Is there a unique identifier for an Android device?
2510
How to persist android activity state by persisting instance state?
2097
Is there a way to run Python on Android?
1858
"Debug certificate expired" error in Android Eclipse plugins
1844
What is "Context" on Android?
1270
How to pass data between activities in an Android app?
831
How to manage startActivityForResult on Android?



All Articles
Loading...
X
Show
Funny
Dev
Pics