
Android AIDL Check Client Identity upon connecting


I have an app that acts as a service, and a second app needs to connect to it, so I'm using Android Interface Definition Language (AIDL). What is the best approach to limit the service to accepting only that specific app? And in which method should the identity check of the client app happen?

I know a client should have a copy of the .aidl file, but I need more ways to check who is connecting to the service.


Solution

  • There are ways to check the identity of the app connecting to your AIDL service.

    1. By checking the signing of the apps: if you want only apps that are signed with the same key as your app, or system apps, to be able to connect to your service, refer to the Kotlin code below:

    Same-key signing and system-app checks:

    // True when the other package is signed with the same key as this app.
    private fun isSameKeySigned(packageManager: PackageManager, packageNameOfTheOtherApp: String): Boolean {
        return packageManager.checkSignatures(
            BuildConfig.APPLICATION_ID, packageNameOfTheOtherApp
        ) == PackageManager.SIGNATURE_MATCH
    }

    // True when the other package is a system app or an updated system app.
    private fun isSystemApp(packageManager: PackageManager, packageNameOfTheOtherApp: String): Boolean {
        try {
            val applicationInfo = packageManager.getApplicationInfo(
                packageNameOfTheOtherApp, 0
            )
            if (applicationInfo.flags and ApplicationInfo.FLAG_SYSTEM != 0 || applicationInfo.flags and ApplicationInfo.FLAG_UPDATED_SYSTEM_APP != 0) {
                return true
            }
        } catch (e: PackageManager.NameNotFoundException) {
            // Unknown package: fall through and treat it as not a system app.
            e.printStackTrace()
        }

        return false
    }
    
    2. By checking the caller app: you can retrieve the package name of the caller using getCalledId inside the methods which the other app calls:

    val callingApp = packageManager.getNameForUid(Binder.getCallingUid())
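
The two checks from this answer combined in one bound service, as an added example that is not part of the original answer. `IRemoteService` (generated from a hypothetical `IRemoteService.aidl` declaring `String getData();`), the package names, and the policy of requiring both an allowlisted package and a matching signing key are assumptions.

```kotlin
package com.example.service // hypothetical package

import android.app.Service
import android.content.Intent
import android.content.pm.PackageManager
import android.os.Binder
import android.os.IBinder
import android.os.Parcel
import android.os.Process

// Placeholder: package name of the only client that may call the service.
private const val ALLOWED_CLIENT = "com.example.client"

class RemoteService : Service() {

    // Must run inside a binder call: only there does Binder.getCallingUid()
    // return the remote caller's UID. In onBind() it is this app's own UID.
    private fun enforceCaller() {
        val uid = Binder.getCallingUid()
        if (uid == Process.myUid()) return // call from another process of this app

        // One UID can map to several packages (sharedUserId), so check the
        // whole list instead of the single name getNameForUid() returns.
        val packages = packageManager.getPackagesForUid(uid).orEmpty()
        val sameKey = packageManager.checkSignatures(Process.myUid(), uid) ==
            PackageManager.SIGNATURE_MATCH

        if (ALLOWED_CLIENT !in packages || !sameKey) {
            throw SecurityException("uid $uid (${packages.joinToString()}) is not allowed")
        }
    }

    private val binder = object : IRemoteService.Stub() {
        // Every incoming AIDL call passes through onTransact(), so a single
        // check here covers all methods, including ones added later.
        override fun onTransact(code: Int, data: Parcel, reply: Parcel?, flags: Int): Boolean {
            enforceCaller()
            return super.onTransact(code, data, reply, flags)
        }

        override fun getData(): String = "only for the allowed client"
    }

    // No identity check is possible here: the binder is handed out first and
    // each call on it is verified by enforceCaller().
    override fun onBind(intent: Intent?): IBinder = binder
}
```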