Authentication risk
peterlirui opened this issue · comments
PeterLi commented
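All of the authentication parameters are passed in by the app itself, including the key and the uid. If a third-party app is reverse engineered and the key and uid are forged, isn't that a risk? With binder, the uid is obtained at the Framework layer, so the risk is relatively controllable, and the server side can verify based on the uid and package name.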
SophiaGuo commented
Checks based on the uid and package name are already in use now.
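The check discussed in this thread, sketched as an added example (not code from the Hardcoder project or from either commenter). It assumes the server is reached over binder; the class `CallerVerifier`, the method `isAuthorized` and the package allowlist are hypothetical names introduced for illustration.

```java
import android.content.pm.PackageManager;
import android.os.Binder;

import java.util.Arrays;
import java.util.Set;

/** Hypothetical server-side check; class and method names are illustrative. */
public final class CallerVerifier {
    private final PackageManager pm;
    private final Set<String> allowedPackages; // assumed allowlist kept by the server

    public CallerVerifier(PackageManager pm, Set<String> allowedPackages) {
        this.pm = pm;
        this.allowedPackages = allowedPackages;
    }

    /**
     * Must run on the binder thread handling the incoming transaction,
     * before any Binder.clearCallingIdentity(), so that getCallingUid()
     * returns the client's uid rather than the server's own.
     */
    public boolean isAuthorized(int claimedUid, String claimedPackage) {
        // uid attached to the transaction by the binder driver, not by the app
        int callingUid = Binder.getCallingUid();

        // A uid carried in the request body is only a claim; reject on mismatch.
        if (claimedUid != callingUid) {
            return false;
        }

        // Packages that actually run under the calling uid (may be null).
        String[] owned = pm.getPackagesForUid(callingUid);
        if (owned == null || claimedPackage == null) {
            return false;
        }

        // The claimed package must belong to the caller and be on the allowlist.
        return Arrays.asList(owned).contains(claimedPackage)
                && allowedPackages.contains(claimedPackage);
    }
}
```

A key extracted from a reverse-engineered app does not help a different app pass this check, because the uid compared against comes from the binder transaction rather than from the request parameters.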
Hardcoder is a solution which allows Android APP and Android System to communicate with each other directly, solving the problem that Android APP could only use system standard API rather than the hardware resource of system.