4

I have two apps that both log in to the same system but they have separate functions and may not both be installed at the same time. I can sign the two apps with the same signature no problem, even make them run in the same process.

How can I store the login cookie (among other things) in such a way that it is shared by both apps and still be secured from unknown apps?

700 Software
  • 85,281
  • 83
  • 234
  • 341

3 Answers3

4

Shared user ID should get you access to each other's private storage, you would just need to figure out if the other was already installed, figure out the absolute path to its private storage and then look and see if it had the cookie. Hopefully you won't starve at the table of philosophers.

Chris Stratton
  • 39,853
  • 6
  • 84
  • 117
  • 1
    I doubt there would be a concurrency issue, especially if he's accessing the login from a running Activity's context. But this is a better solution than content-providers (too heavyweight, accessible to other apps) or saving something to system-wide shared storage. – Yoni Samlan Nov 30 '10 at 19:12
  • Since the sharedUserId has been deprecated, is there a better way to do the same right now? – BATMAN May 26 '21 at 21:10
1

Here's a good solution:

What's the best way to do "application settings" in Android?

Since you want to share this between two applications, regardless of the way you want to implement it, don't forget that this will be visible to all applications. You may want to encrypt your password or session ID. Here's an example:

http://android.voxisland.com/code_examples/How_to_encrypt_and_decrypt_strings.rhtml

Good luck!

Community
  • 1
  • 1
Emmanuel
  • 16,791
  • 6
  • 48
  • 74
0

Err... what's it called... a data provider? Nope. I'm getting "Service" and "Content Provider" mixed up.

Put both apps and the login service in the same process. Either app should be able to start the service or query it for session info and anything else you might want to put there.

Alternatively, you can put all that information into a shared database.

The login dialog itself probably has to be an activity, and I'm not sure if you can have an activity within a service. You may need duplicate login screens in your apps that could then pass the session data to your service for sharing purposes.

I'm not sure if the service would have to be a separate install, or something that could be bundled with both apps.

Mark Storer
  • 15,672
  • 3
  • 42
  • 80
  • This might work, but unless they want to install a 3rd apk from the market (non market installs require settings changes not possible on all phones), it would probably require two uniquely named but identical copies of the service, one in each apk, and some logic figure out which one to start. – Chris Stratton Nov 30 '10 at 16:55
  • I'm thinking "two identical copies". ALTHOUGH... there are several apps on the market that require you to have some Other Thing installed already. AIR, for example. Publish the service as a "software library" and you're good to go. – Mark Storer Nov 30 '10 at 17:34