search

Kunzisoft / KeePassDX

Lightweight vault and password manager for Android, KeePassDX allows editing encrypted data in a single file in KeePass format and fill in the forms in a secure way.
https://www.keepassdx.com/
GNU General Public License v3.0
4.55k stars 269 forks source link

Use android:isolatedProcess to improve security #1729

Open ghost opened 9 months ago

ghost commented 9 months ago

“If set to true this service runs under a special process that is isolated from the rest of the system and has no permissions of its own. The only communication with it is through the Service API, with binding and starting”.

— “https://developer.android.com/guide/topics/manifest/service-element

This feature is good because it makes more difficult for an attacker whom found an exploit to compromise user’s data.

Example:

< service android:name="com.kunzisoft.keepass.services.DatabaseTaskNotificationService" android:enabled="true" android:exported="false" android:isolatedProcess=“true” />

gu-hu commented 8 months ago

“[...] this service [...] has no permissions of its own.”

This flag is intended to restrict your app's service to access other parts of your app or the android system itself. It can be used by your app to safely (more or less) run untrusted code.

It does not, however, protect your service or even the entire app from malicious access by an attacker.

mrghosti3 commented 8 months ago

@rakearyo Could you update the link to Android Dev Docs?