Exported service does not require permission: what does it mean?

Question

I created a service that is bound by other applications through AIDL, and I add it to the manifest as follows:

Answer 1

If you want to restrict you activity usage to your own application, then you should add exported=false to your activity's manifest statement.

If you want to allow other applications to use it (explicitly through its class name or, better, by using an intent with a data type or action) then you have two choices :

• restrict those applications by using a permission
• allow all applications to use it, then you can add tools:ignore="ExportedActivity" to your activity's manifest statement.

--

Same reasonning applies to a service, with tools:ignore="ExportedService" and content providers with tools:ignore="ExportedContentProvider".