Don't Have an Accidental API
Let’s say that you have a popular application. Furthermore, let’s say that you have one or more BroadcastReceiver components, registered in the manifest, with custom actions in
By default, you have created an API.
In fact, you have created what amounts to two APIs:
Other apps can send broadcasts to your receiver.
Other apps can monitor your broadcasts, by having their own receiver tied to that same Intent action (which they mined out of your manifest via decompiling)
The former can be fixed by not exporting the component (android:exported="false"), though in this case you really should not have the <intent-filter> in the first place, most likely. Just use an explicit Intent to communicate with this receiver, as <receiver> elements without <intent-filter> elements are automatically
Both can be secured by use of permissions (particularly custom signature permissions), or by changing away from public broadcasts in general (e.g., switch to
If that sounds like work, well, it is.
If you wonder why you need to go through that work, bear in mind that others out there are aware of these accidental APIs and will try to exploit them.
Any exported component is an API, whether intentional or accidental.
So, an activity with an <intent-filter> can be started at any time, for any reason, by anyone. Likewise a service or a
Intentional APIs, with documentation and support and the like, are wonderful. Accidental APIs represent possible security issues at worst, and possible dependency issues (“hey, I was using the XYZ that you had exported, and now my ‘add-on’ app is broken!”) at best.
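Finding these accidental APIs in your own app can be scripted. The following is an added example, not code from the original post: it assumes a decoded, text-form AndroidManifest.xml, uses a constructed sample manifest (every com.example.app name is made up), and lists the activities, services and receivers that other apps can reach without a signature-level permission.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
COMPONENTS = ("activity", "activity-alias", "service", "receiver")

# Constructed sample manifest; every com.example.app name is made up.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <permission android:name="com.example.app.PRIVATE" android:protectionLevel="signature"/>
  <application>
    <receiver android:name=".SyncReceiver">
      <intent-filter><action android:name="com.example.app.SYNC"/></intent-filter>
    </receiver>
    <receiver android:name=".GuardedReceiver" android:permission="com.example.app.PRIVATE">
      <intent-filter><action android:name="com.example.app.REFRESH"/></intent-filter>
    </receiver>
    <receiver android:name=".InternalReceiver"/>
    <service android:name=".Worker" android:exported="false"/>
  </application>
</manifest>"""

def accidental_apis(manifest_xml):
    """Return (tag, name, actions) for components other apps can reach unguarded."""
    root = ET.fromstring(manifest_xml)
    # Permissions declared by this app; protectionLevel defaults to "normal".
    declared = {p.get(A + "name"): p.get(A + "protectionLevel") or "normal"
                for p in root.iter("permission")}
    findings = []
    for app in root.iter("application"):
        for comp in app:
            if comp.tag not in COMPONENTS:
                continue
            exported = comp.get(A + "exported")
            # No explicit attribute: an <intent-filter> makes the component exported.
            if exported is None:
                exported = "true" if comp.find("intent-filter") is not None else "false"
            if exported != "true":
                continue
            perm = comp.get(A + "permission") or app.get(A + "permission")
            # Guarded only by a permission any app can request is still open;
            # permissions declared elsewhere (e.g. by the platform) are not judged.
            if perm is None or "signature" not in declared.get(perm, "signature"):
                actions = [a.get(A + "name") for a in comp.iter("action")]
                findings.append((comp.tag, comp.get(A + "name"), actions))
    return findings

if __name__ == "__main__":
    for finding in accidental_apis(SAMPLE):
        print(finding)
```

Each finding is an exported entry point to either close off or document as an intentional API; a launcher activity will show up here too, since it is exported by design.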
Create an intentional API. Don’t have an accidental API.