一、前言
私有Activity(private Activity)是不能被其他应用程序启动的Activity,因此是最安全的Activity。存在的风险是:用于启动私有Activity的Intent有可能被第三方读取。如果在启动Activity的Intent中携带敏感信息,需要采取措施确保这些敏感信息不会被第三方获取。
创建和使用要点如下所示:
1、不要指定taskAffinity
2、不要指定launchMode
3、将exported属性显式设置为false
4、谨慎处理接收到的Intent
5、确保敏感信息只在同一个应用程序内发送和接收
二、代码示例
1.AndroidManifest.xml
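<?xml version="1.0" encoding="utf-8"?>
<!-- Manifest for the private-activity sample: one activity kept private to the app
     and one launcher activity that starts it. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="org.jssec.android.activity.privateactivity" >

    <application
        android:allowBackup="false"
        android:icon="@drawable/ic_launcher"
        android:label="@string/app_name" >

        <!-- Private activity -->
        <!-- *** POINT 1 *** Do not specify taskAffinity -->
        <!-- *** POINT 2 *** Do not specify launchMode -->
        <!-- *** POINT 3 *** Explicitly set the exported attribute to false. -->
        <!-- Stated explicitly so the activity stays private regardless of the default,
             which depends on whether an intent-filter is present. -->
        <activity
            android:name=".PrivateActivity"
            android:label="@string/app_name"
            android:exported="false" />

        <!-- Public activity launched by launcher -->
        <!-- Exported because the launcher has to start it; it is the only entry point
             declared here that other applications can reach. -->
        <activity
            android:name=".PrivateUserActivity"
            android:label="@string/app_name"
            android:exported="true" >
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>
    </application>
</manifest>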
2.PrivateActivity.java的编码示例
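package org.jssec.android.activity.privateactivity;

import android.app.Activity;
import android.content.Intent;
import android.os.Bundle;
import android.view.View;
import android.widget.Toast;

/**
 * Private Activity of the sample. The manifest declares it with
 * {@code android:exported="false"}, so it is meant to be started only from inside
 * this application.
 */
public class PrivateActivity extends Activity {

    /**
     * Sets the layout and displays the "PARAM" extra carried by the launching Intent.
     *
     * @param savedInstanceState state handed on to {@link Activity#onCreate(Bundle)}
     */
    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.private_activity);

        // *** POINT 4 *** Handle the received Intent carefully and securely, even though the Intent was sent from the
        // same application.
        // Omitted, since this is a sample. Please refer to "3.2 Handling Input Data Carefully and Securely."
        String param = getIntent().getStringExtra("PARAM");
        // Shown in a Toast only because this is a sample; production code should not
        // echo sensitive values to the UI or to logs.
        Toast.makeText(this, String.format("Received param: \"%s\"", param), Toast.LENGTH_LONG).show();
    }

    /**
     * Click handler that returns a result Intent to the calling activity and finishes.
     *
     * @param view the clicked view (unused)
     */
    public void onReturnResultClick(View view) {

        // *** POINT 5 *** Sensitive information can be sent since it is sending and receiving all within the same
        // application.
        Intent intent = new Intent();
        intent.putExtra("RESULT", "Sensitive Info");
        setResult(RESULT_OK, intent);
        finish();
    }
}

敏感信息保密:
PrivateUserActivity.java

package org.jssec.android.activity.privateactivity;

import android.app.Activity;
import android.content.Intent;
import android.os.Bundle;
import android.view.View;
import android.widget.Toast;

/**
 * Launcher activity of the sample: starts {@link PrivateActivity} with an explicit
 * Intent and displays the result it returns.
 */
public class PrivateUserActivity extends Activity {

    /** Request code used to match the result coming back from PrivateActivity. */
    private static final int REQUEST_CODE = 1;

    /**
     * Sets the layout of the launcher screen.
     *
     * @param savedInstanceState state handed on to {@link Activity#onCreate(Bundle)}
     */
    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.user_activity);
    }

    /**
     * Click handler that starts PrivateActivity and waits for its result.
     *
     * @param view the clicked view (unused)
     */
    public void onUseActivityClick(View view) {
        // *** POINT 6 *** Do not set the FLAG_ACTIVITY_NEW_TASK flag for intents to start an activity.
        // An activity that becomes the root of a new task has its launching Intent kept
        // in the task history, which other apps could read on older Android versions.
        // *** POINT 7 *** Use the explicit Intents with the class specified to call an activity in the same application.
        Intent intent = new Intent(this, PrivateActivity.class);

        // *** POINT 8 *** Sensitive information can be sent only by putExtra() since the destination activity is in
        // the same application.
        intent.putExtra("PARAM", "Sensitive Info");

        startActivityForResult(intent, REQUEST_CODE);
    }

    /**
     * Receives the result returned by PrivateActivity and displays its "RESULT" extra.
     *
     * @param requestCode code passed to startActivityForResult
     * @param resultCode  result code set by the finished activity
     * @param data        result Intent; may be null when the callee set no Intent
     */
    @Override
    public void onActivityResult(int requestCode, int resultCode, Intent data) {
        super.onActivityResult(requestCode, resultCode, data);
        if (resultCode != RESULT_OK) {
            return;
        }
        // RESULT_OK can arrive without an Intent; do not dereference a null result.
        if (data == null) {
            return;
        }

        switch (requestCode) {
            case REQUEST_CODE:
                String result = data.getStringExtra("RESULT");

                // *** POINT 9 *** Handle the received data carefully and securely,
                // even though the data comes from an activity within the same application.
                // Omitted, since this is a sample. Please refer to "3.2 Handling Input Data Carefully and Securely."
                Toast.makeText(this, String.format("Received result: \"%s\"", result), Toast.LENGTH_LONG).show();
                break;
            default:
                break;
        }
    }
}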