I have 2 application “A” and “B”
Application “A” is signed with certificate C_A and “B” with C_B
in “A”
<activity android:name=".ActivityA" android:protectionLevel="signature" android:label="@string/app_name">
<intent-filter>
<action android:name="com.temp.packagea" />
<category android:name="android.intent.category.DEFAULT" />
</intent-filter>
</activity>
in app “B”
Intent i = new Intent();
i.setAction("com.temp.package");
startActivity(i);
and the problem is that the application A is started with no problems from application B.
How can I protect starting activity in my app from application that are signed with the same signature as mine.
protectionLevelis not a valid attribute for an Activity tag within a manifest. TheprotectionLeveltag applies to a<permission>element and is used when your application is specifying a new permission (not one of the default Android system permissions).It looks like you are trying to prevent applications from invoking an
Activity(A, in your example) if they are not signed with the same certificate as the containing application. What you want to do here is to declare a new permission in the manifest (of the application containing A) by using a<permission>element and set theprotectionLevelof your new permission toSignature. Then, in your manifest declaration for theActivity, use anandroid:permissionattribute so that this new permission is required to start theActivity. For any other application that you want to be able to invoke theActivity, you just need to add auses-permissionelement in that other application’s manifest and specify the new permission you created. Since that permission is aSignaturepermission, the system will automatically grant it when the new application is installed.