Chapter 29 Broadcast Intents
More about protection levels
Every custom permission has to specify a value for android:protectionLevel. Your permission’s
protectionLevel tells Android how it should be used. In your case, you used a protectionLevel of
signature.
The signature protection level means that if another application wants to use your permission, it has
to be signed with the same key as your application. This is usually the right choice for permissions
you use internally in your application. Because other developers do not have your key, they cannot get
access to anything this permission protects. Plus, because you do have your own key, you can use this
permission in any other app you decide to write later.
Table 29.1 Values for protectionLevel
Value Description
normal This is for protecting app functionality that will not do anything dangerous like
accessing secure personal data or finding out where you are on a map. The user
can see the permission before choosing to install the app but is never explicitly
asked to grant it. android.permission.RECEIVE_BOOT_COMPLETED uses this
permission level, and so does the permission that lets your app vibrate the user’s
device.
dangerous This is for everything you would not use normal for – accessing personal data,
accessing hardware that might be used to spy on the user, or anything else that
could cause real problems. The camera permission, locations permissions,
and contacts permission all fall under this category. Starting in Marshmallow,
dangerous permissions require that you call requestPermission(...) at runtime
to ask the user to explicitly grant your app permission. (For more about how that
works, see Chapter 33.)
signature The system grants this permission if the app is signed with the same certificate
as the declaring application and denies it otherwise. If the permission is granted,
the user is not notified. This is for functionality that is internal to an app –
as the developer, because you have the certificate and only apps signed with
the same certificate can use the permission, you have control over who uses
the permission. You used it here to prevent anyone else from seeing your
broadcasts. If you wanted, you could write another app that listens to them, too.
signatureOrSystemThis is like signature, but it also grants permission to all packages in the
Android system image. This is for communicating with apps built into the
system image. If the permission is granted, the user is not notified. Most
developers do not need to use it.Passing and receiving data with ordered broadcasts
Time to finally bring this baby home. The last piece is to ensure that your dynamically registered
receiver always receives the PollService.ACTION_SHOW_NOTIFICATION broadcast before any other
receivers and that it modifies the broadcast to indicate that the notification should not be posted.