Broadcasts: Security considerations and best practices


Here are some security considerations and best practices for sending and receiving broadcasts:

  • If you don’t need to send broadcasts to components outside of your app, then send and receive local broadcasts with the LocalBroadcastManager which is available in the Support Library. The LocalBroadcastManager is much more efficient (no interprocess communication needed) and allows you to avoid thinking about any security issues related to other apps being able to receive or send your broadcasts. Local Broadcasts can be used as a general purpose pub/sub event bus in your app without any overheads of system wide broadcasts.

  • If many apps have registered to receive the same broadcast in their manifest, it can cause the system to launch a lot of apps, causing a substantial impact on both device performance and user experience. To avoid this, prefer using context registration over manifest declaration. Sometimes, the Android system itself enforces the use of context-registered receivers. For example, the CONNECTIVITY_ACTION broadcast is delivered only to context-registered receivers.

  • Do not broadcast sensitive information using an implicit intent. The information can be read by any app that registers to receive the broadcast. There are three ways to control who can receive your broadcasts:

    • You can specify a permission when sending a broadcast.
    • In Android 4.0 and higher, you can specify a package with setPackage(String) when sending a broadcast. The system restricts the broadcast to the set of apps that match the package.
    • You can send local broadcasts with LocalBroadcastManager.
  • When you register a receiver, any app can send potentially malicious broadcasts to your app’s receiver. There are three ways to limit the broadcasts that your app receives:

    • You can specify a permission when registering a broadcast receiver.
    • For manifest-declared receivers, you can set the android:exported attribute to “false” in the manifest. The receiver does not receive broadcasts from sources outside of the app.
    • You can limit yourself to only local broadcasts with LocalBroadcastManager.
  • The namespace for broadcast actions is global. Make sure that action names and other strings are written in a namespace you own, or else you may inadvertently conflict with other apps.

  • Because a receiver’s onReceive(Context, Intent) method runs on the main thread, it should execute and return quickly. If you need to perform long-running work, be careful about spawning threads or starting background services, because the system can kill the entire process after onReceive() returns. For more information, see Effect on process state. To perform long-running work, we recommend:

    • Calling goAsync() in your receiver’s onReceive() method and passing the BroadcastReceiver.PendingResult to a background thread. This keeps the broadcast active after returning from onReceive(). However, even with this approach the system expects you to finish with the broadcast very quickly (under 10 seconds). It does allow you to move work to another thread to avoid glitching the main thread.
    • Scheduling a job with the JobScheduler. For more information, see Intelligent Job Scheduling.
  • Do not start activities from broadcast receivers because the user experience is jarring; especially if there is more than one receiver. Instead, consider displaying a notification.
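
The sender-side and receiver-side restrictions above, combined with goAsync(), in one sketch. This is an added example, not code from the original page. The com.example.* action, permission, extra and package names are placeholders, and the custom permission is assumed to be declared in the manifest of the app that owns it.

```java
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
public final class SyncBroadcasts {
    // Placeholder names, all inside a namespace the app owns (see the namespace bullet).
    static final String ACTION_SYNC_DONE = "com.example.app.action.SYNC_DONE";
    static final String PERMISSION_SYNC = "com.example.app.permission.SYNC_EVENTS";
    static final String EXTRA_ACCOUNT_ID = "com.example.app.extra.ACCOUNT_ID";
    static final String COMPANION_PACKAGE = "com.example.companion";
    private static final ExecutorService WORKER = Executors.newSingleThreadExecutor();
    static volatile long lastSyncedAccount = -1L;

    /** Sender side: explicit target package plus a permission the receiver must hold. */
    static void sendSyncDone(Context context, long accountId) {
        Intent intent = new Intent(ACTION_SYNC_DONE)
                .setPackage(COMPANION_PACKAGE)          // only this package is matched
                .putExtra(EXTRA_ACCOUNT_ID, accountId);
        context.sendBroadcast(intent, PERMISSION_SYNC); // apps without the permission get nothing
    }

    /** Receiver side: only senders that hold PERMISSION_SYNC can reach this receiver. */
    static BroadcastReceiver register(Context context) {
        BroadcastReceiver receiver = new SyncReceiver();
        // Newer Android releases also expect an exported/not-exported flag (flags overload).
        context.registerReceiver(receiver, new IntentFilter(ACTION_SYNC_DONE),
                PERMISSION_SYNC, null /* deliver on the main thread */);
        return receiver;
    }

    static final class SyncReceiver extends BroadcastReceiver {
        @Override
        public void onReceive(Context context, Intent intent) {
            // Treat the intent as untrusted input even behind a permission check.
            long accountId = intent.getLongExtra(EXTRA_ACCOUNT_ID, -1L);
            if (!ACTION_SYNC_DONE.equals(intent.getAction()) || accountId < 0) return;
            // goAsync() keeps the broadcast active after onReceive() returns.
            final BroadcastReceiver.PendingResult pending = goAsync();
            WORKER.execute(() -> {
                try {
                    lastSyncedAccount = accountId;  // stand-in for short background work
                } finally {
                    pending.finish();               // always release the broadcast
                }
            });
        }
    }
}
```

Calling finish() in a finally block matters: if the worker throws and the PendingResult is never finished, the system treats the broadcast as still running and the time limit described above applies.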




Published by: 全栈程序员-用户IM. When reposting, please credit the source: https://javaforall.cn/149655.html Original link: https://javaforall.cn
