I have 2 applications A and B.

I want to start an activity in B from A. So I am using an implicit intent. Is there any way to make sure that only the activity in B is invoked by the intent?

i.e In the event that a hacker puts his application on the device trying to receive the same intent, I want to prevent that.

Use the setPackage method to specify whicj app should handle the intent. Here is an example using ZXing:

final String ZXING = "com.google.zxing.client.android";
Intent intent = new Intent(ZXING + ".SCAN");
intent.setPackage(ZXING);

as documention says about android:exported=false:

android:exported
Whether or not the activity can be launched by components of other applications — "true" if it can be, and "false" if not. If "false", the activity can be launched only by components of the same application or applications with the same user ID. The default value depends on whether the activity contains intent filters. The absence of any filters means that the activity can be invoked only by specifying its exact class name. This implies that the activity is intended only for application-internal use (since others would not know the class name). So in this case, the default value is "false". On the other hand, the presence of at least one filter implies that the activity is intended for external use, so the default value is "true". This attribute is not the only way to limit an activity's exposure to other applications. You can also use a permission to limit the external entities that can invoke the activity (see the permission attribute).

so ,use android:exported=false in Activity B and use IntentSender in Activty for getting infromation of Intent means from which component want to start your Activty B

If you are using explicit intent, activity specified in intent would be invoked only.

You can add Data, Action, Categories, to limit filtering of component to target only your activity, in case of implicit intent.

You could encrypt any data sent in the intent using a simple Public/Private key encryption. A common approach is to use PGP encryption and Im sure there is a library that is compatible with Android out there.

This would make sure that any hacker would not be able to steal the data sent via intents, as long as they don't have the private key.

That being said, it may be tricky to handle the private key as a good hacker may be able to de-obfuscate/de-compile your application and grab your key. Therefore you may need to keep said key on a central server.