KeePassDX icon indicating copy to clipboard operation
KeePassDX copied to clipboard

Published 20 hours ago verified publisher icon Kunzisoft

Use android:isolatedProcess to improve security

Open ghost opened this issue 1 year ago • 2 comments

“If set to true this service runs under a special process that is isolated from the rest of the system and has no permissions of its own. The only communication with it is through the Service API, with binding and starting”.

— “https://developer.android.com/guide/topics/manifest/service-element”

This feature is good because it makes more difficult for an attacker whom found an exploit to compromise user’s data.

Example:

< service android:name="com.kunzisoft.keepass.services.DatabaseTaskNotificationService" android:enabled="true" android:exported="false" android:isolatedProcess=“true” />

ghost avatar Jan 02 '24 11:01 ghost

“[...] this service [...] has no permissions of its own.”

This flag is intended to restrict your app's service to access other parts of your app or the android system itself. It can be used by your app to safely (more or less) run untrusted code.

It does not, however, protect your service or even the entire app from malicious access by an attacker.

gu-hu avatar Jan 05 '24 10:01 gu-hu

@rakearyo Could you update the link to Android Dev Docs?

mrghosti3 avatar Jan 16 '24 11:01 mrghosti3