Android implements a few key tools used to
communicate with or coordinate between programs securely. These
mechanisms give Android applications the ability to run processes in
the background, offer services consumed by other applications, safely
share relational data, start other programs, and reuse components from
other applications safely.
Much of the
interprocess communication (IPC) that occurs on Android is done through
the passing around of a data structures called Intents.
These are collections of information that have a few expected
properties the system can use to help figure out where to send an
Intent if the developer wasn’t explicit. The Action property expresses
what the Intent is for (the Intent.ACTION_VIEW action indicates that
the data is to be displayed to the user, for example). The data
property is an optional URI and could point to a file, contact, web
page, phone number, and so on. Intents also potentially have a
collection of key/value pairs called extras, as well as flags,
components, and other more advanced features, only some of which we
Each of these IPC
mechanisms uses Intents in some capacity and is probably somewhat
familiar to most Android developers. However, because using these
safely is key to Android security, let’s briefly review each mechanism:
Activities are interactive
screens used to communicate with users. A “Hello World” Android
application is just an Activity, configured with a resource that says
“Hello World.” Intents are used to specify an Activity, and this may be
done ambiguously to allow the user to configure their preferred handler.
a way to send messages between applications—for example, alerting
listeners to the passage of time, an incoming message, or other data.
When sending a broadcast an application puts the message to be sent
into an Intent. The application can specify which Broadcasts they care
about in terms of the Intents they wish to receive by specifying an
are background processes that toil away quietly in the background. A
service might play music; others handle incoming instant messages, file
transfers, or e-mail. Services can be started using an Intent.
ContentProviders provide a way
to efficiently share relational data between processes securely. They
are based on SQL and should be used carefully. Some of the nice user
interface (UI) widgets Android provides make using ContentProviders
very tempting, even when data isn’t highly relational. ContentProviders
can be secured with Android permissions, and used to share data between
processes, like files might be on traditional Unix like systems.
provides a highly efficient communication mechanism on Android. It is
implemented in the kernel, and you can easily build RPC interfaces on
top of it using the Android Interface Definition Language (AIDL).
Binder is commonly used to bridge Java and native code running in