Intercepting an intent from an external application

Published 2020-06-04 07:57

Question:

Suppose I want to develop an application that extends in some way (let me say "cooperate with") a very popular application I obviously don't have control over. Let us also suppose, for the sake of simplicity, that the very famous application author won't release an update to block my application.

I studied the application's functionality and identified that it widely uses BroadcastReceivers. I also know, from the manifest, the com.famousvendor.intent.INTENT_NAME constants I might use.

The question is straightforward: if I create an application, namely org.zighinetto.tinyapp, with a broadcast receiver set for intent com.famousvendor.intent.INTENT_NAME, will the tiny app catch the broadcast? Or can those broadcasts be received only by the process that fires them?

Answer 1:

> will the tiny app catch the broadcast? Or can those broadcasts be received only by the process that fires them?

There are a number of things that control this.

If the broadcast is secured with a permission, you will not be able to receive that broadcast unless you also hold that permission. It may not be possible for you to hold that permission, depending on the type of permission that it is.

Also, if the broadcast is an ordered broadcast, higher priority apps will receive that broadcast and can abort it (consuming the event, so lower-priority receivers do not get the broadcast). The priority is set via the <intent-filter> (or IntentFilter), and it may not be possible for you to have one that is higher priority than is their own app, depending upon the priority value the original developer held.

There are also other local-only scenarios (e.g., LocalBroadcastManager), though you would not see those in the manifest, and so we can assume that they are not what is being used here... today.

> Let us also suppose, for the sake of simplicity, that the very famous application author won't release an update to block my application.

They do not need to specifically block your application. They just need to decide whether or not they really want to have the API you are trying to exploit, and they may choose to lock it down if this was more of an accidental API. They might do so in response to a blog post by a balding guy, for example.
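
As an added example (not part of the original answer, and not the vendor's code), this is how the sending app's side of each condition above looks, with the open broadcast next to the locked-down forms. The action string is the one from the question; the class name, package and permission name are hypothetical.

```java
package com.example.sender; // hypothetical package

import android.content.Context;
import android.content.Intent;

/*
 * Manifest of the sending app (hypothetical permission name). With
 * protectionLevel="signature", only apps signed with the same key can be
 * granted the permission, which is the case where a third party cannot hold it:
 *
 *   <permission
 *       android:name="com.example.sender.permission.RECEIVE_EVENTS"
 *       android:protectionLevel="signature" />
 */
public final class EventBroadcaster {
    static final String ACTION = "com.famousvendor.intent.INTENT_NAME";
    static final String RECEIVE_PERMISSION =
            "com.example.sender.permission.RECEIVE_EVENTS"; // hypothetical

    private EventBroadcaster() {}

    // Weak form: any installed app whose receiver filters on ACTION gets this.
    public static void sendOpen(Context ctx) {
        ctx.sendBroadcast(new Intent(ACTION));
    }

    // Permission-secured: delivered only to receivers whose app holds
    // RECEIVE_PERMISSION.
    public static void sendToPermissionHolders(Context ctx) {
        ctx.sendBroadcast(new Intent(ACTION), RECEIVE_PERMISSION);
    }

    // Package-restricted: the intent resolves only to components in the
    // sender's own package, so other apps' filters never match.
    public static void sendToOwnPackage(Context ctx) {
        Intent intent = new Intent(ACTION).setPackage(ctx.getPackageName());
        ctx.sendBroadcast(intent);
    }

    // Ordered and permission-secured: receivers run one at a time in
    // android:priority order, and any of them may call abortBroadcast().
    public static void sendOrdered(Context ctx) {
        ctx.sendOrderedBroadcast(new Intent(ACTION), RECEIVE_PERMISSION);
    }
}
```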