Don't Have an Accidental API

Let’s say that you have a popular application. Furthermore, let’s say that you have one or more BroadcastReceiver components, registered in the manifest, with custom actions in <intent-filter> elements.

By default, you have created an API.

In fact, you have created what amounts to two APIs:

  1. Other apps can send broadcasts to your receiver.

  2. Other apps can monitor your broadcasts, by having their own receiver tied to that same Intent action (which they mined out of your manifest via decompiling).

The former can be fixed by not exporting the component (android:exported="false"), though in that case you most likely should not have the <intent-filter> in the first place. Instead, use an explicit Intent to communicate with the receiver, as <receiver> elements without <intent-filter> elements are automatically not exported.

Both can be secured by use of permissions (particularly custom signature permissions), or by changing away from public broadcasts in general (e.g., switch to LocalBroadcastManager).

If that sounds like work, well, it is.

If you wonder why you need to go through that work, bear in mind that others out there are aware of these accidental APIs and will try to exploit them.

Any exported component is an API, whether intentional or accidental. So, an activity with an <intent-filter> can be started at any time, for any reason, by anyone. Likewise a service or a ContentProvider.
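One way to find accidental APIs in your own app before someone else does, as an added example that is not from the original post: a short Python audit that lists components exported without any permission. It assumes a decoded, text-form AndroidManifest.xml; the package, component and permission names in the sample are constructed, and it covers only the inbound side (who can reach your components), not who can listen to broadcasts you send.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample manifest (decoded text XML, not the binary form inside an APK).
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <permission android:name="com.example.app.PRIVATE" android:protectionLevel="signature" />
  <application>
    <receiver android:name=".SyncReceiver">
      <intent-filter><action android:name="com.example.app.SYNC" /></intent-filter>
    </receiver>
    <receiver android:name=".GuardedReceiver"
        android:permission="com.example.app.PRIVATE">
      <intent-filter><action android:name="com.example.app.REFRESH" /></intent-filter>
    </receiver>
    <receiver android:name=".InternalReceiver" />
    <service android:name=".UploadService" android:exported="false">
      <intent-filter><action android:name="com.example.app.UPLOAD" /></intent-filter>
    </service>
    <activity android:name=".ShareActivity" android:exported="true" />
  </application>
</manifest>
"""

def accidental_apis(manifest_xml):
    """Return (tag, name, actions) for exported components with no permission."""
    app = ET.fromstring(manifest_xml).find("application")
    app_perm = app.get(ANDROID + "permission")  # applies to every component
    findings = []
    for comp in (c for c in app if c.tag in COMPONENTS):
        actions = [a.get(ANDROID + "name") for a in comp.iter("action")]
        exported = comp.get(ANDROID + "exported")
        if exported is None:
            # Default described above: an <intent-filter> implies exported.
            # Assumption: providers are judged on the explicit attribute only.
            is_exported = comp.tag != "provider" and comp.find("intent-filter") is not None
        else:
            is_exported = exported == "true"
        if is_exported and not (comp.get(ANDROID + "permission") or app_perm):
            findings.append((comp.tag, comp.get(ANDROID + "name"), actions))
    return findings

if __name__ == "__main__":
    for tag, name, actions in accidental_apis(SAMPLE_MANIFEST):
        print(f"{tag} {name} is exported without a permission; actions: {actions}")
```

Each finding is either an intentional API that deserves documentation or a component that should be unexported or guarded by a permission.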

Intentional APIs, with documentation and support and the like, are wonderful. Accidental APIs represent possible security issues at worst, and possible dependency issues (“hey, I was using the XYZ that you had exported, and now my ‘add-on’ app is broken!”) at best.

Create an intentional API. Don’t have an accidental API.