问题
I have an NFC activity which specifies an intent filter and data. This is something like
<intent-filter>
<action android:name="android.nfc.action..." />
<category android:name="android.intent.category.DEFAULT" />
<data
android:host="..."
android:path="..." />
</intent-filter>
Now the concern here is that since I have not included android:exported="false". it makes this activity susceptible to malicious attack from outside apps as the activity is now publicly available. The problem here is that if I put the exported attribute as false, I am not able to get the activity called from the outside intent (which is supposed to trigger the activity via onNewIntent() )
Is there a way to make the activity "safe" while not affecting its general triggering mechanism i.e. via outside intent?
回答1:
If you need to get notified about tags, you need the intent filter. The tag dispatcher uses this to find interested activities to consider when a tag is scanned. If you make your activity private, there will be no way of notifying it, as you have seen. What 'malicious attacks' are you concerned about? Your activity is as safe as you code it to be: if you only handle NFC intents, you will be 'safe' (unless of course the NFC payload triggers a device-wiping code or something...)
来源:https://stackoverflow.com/questions/12718231/making-nfc-activity-private-without-androidexported-false