How to restrict content provider data across applications

Question

How can we ensure that certain applications are not able to access my data stored in content provider where in certain other applications can access that? Basically I need t

Answer 1

The easiest way is to protect the content provider with a permission you define. Make it a signature a permission so only apps signed with your certificate are allowed to get it.

See:

http://developer.android.com/guide/topics/security/security.html

http://developer.android.com/reference/android/R.styleable.html#AndroidManifestProvider

http://developer.android.com/guide/topics/manifest/provider-element.html

If doing this based on certificates is not sufficient, you will need to write the permission checks yourself. This is done by calling Binder.getCallingUid() for incoming calls to your applications, and deciding whether the given uid has permission to access your provider. Actually implementing a different policy that is actually secure requires a lot of careful thought and design, though.

Answer 2

In the AndroidManifest.xml, at the screen with the properties of your ContentProvider, you have two fields:

Read Permission WritePermission

So, you can define secure strings (also it may be path to some file) that are permissions for acces to your ContentProvider.

Applications that want to access your content provider must have that ones added in their UsesPermission elements.