Summary

In this chapter, we reviewed the four components of an Android system—Activities, Services, Content Providers, and Broadcast Receivers, and inter-component communication mechanisms—Intents and Binders. Security begins with secure declaration of these components. As is the general rule with security, exposing the minimum is always a good idea. All Android components are protected by permissions. Intents are asynchronous components and should always validate their input. Intent Filters are a good way to reduce the attack surface of an application, but an explicit Intent can still send Intents to it. Now that we understand the Android components and communication mechanism, let's move on to the next chapter to review Android permissions in detail.