
关于android开发中如何正确使用public activity安全用法及代码示例

标签:android,public activity,安全     发布时间:2017-10-29   

一、前言

public Activity 是可以被任意应用程序调用的 Activity。其风险在于:恶意软件也可以向 public Activity 发送 intent,或接收发往 public Activity 的 intent。注意事项有:

1、显式设置导出属性(android:exported)为true。
2、注意接收到的intent可能是恶意的,需谨慎处理。
3、返回结果时不能包含敏感数据。

二、代码示例

1.AndroidManifest.xml

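<?xml version="1.0" encoding="utf-8"?>
<!-- Manifest of the sample app that exposes PublicActivity to other applications. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="org.jssec.android.activity.publicactivity" >

    <!-- allowBackup is switched off for this application. -->
    <application
        android:allowBackup="false"
        android:icon="@drawable/ic_launcher"
        android:label="@string/app_name" >

        <!-- Public Activity -->
        <!-- *** POINT 1 *** Explicitly set the exported attribute to true. -->
        <!-- With exported="true" and no android:permission on the element, any
             installed app can start this Activity. Spelling the attribute out
             documents that the exposure is intended instead of relying on the
             default that the presence of an intent filter implies. -->
        <activity
            android:name=".PublicActivity"
            android:label="@string/app_name"
            android:exported="true" >

            <!-- Define intent filter to receive an implicit intent for a specified action -->
            <intent-filter>
                <action android:name="org.jssec.android.activity.MY_ACTION" />
                <category android:name="android.intent.category.DEFAULT" />
            </intent-filter>
        </activity>
    </application>
</manifest>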

2.PublicActivity.java

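package org.jssec.android.activity.publicactivity;

import android.app.Activity;
import android.content.Intent;
import android.os.Bundle;
import android.view.View;
import android.widget.Toast;

/**
 * Sample public Activity: it is exported in the manifest, so the Intent that
 * starts it can come from any application, including a malicious one.
 */
public class PublicActivity extends Activity {

    /**
     * Sets the layout and displays the "PARAM" string extra of the launching Intent.
     *
     * @param savedInstanceState state passed on to {@link Activity#onCreate(Bundle)}
     */
    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.main);

        // *** POINT 2 *** Handle the received Intent carefully and securely.
        // The sender is unknown, so "PARAM" is untrusted: it may be absent (null) or hold
        // arbitrary text. Here it is only displayed; validate it before using it for
        // anything else (file paths, queries, URLs, further Intents).
        String param = getIntent().getStringExtra("PARAM");
        Toast.makeText(this, String.format("Received param: \"%s\"", param), Toast.LENGTH_LONG)
                .show();
    }

    /**
     * Returns a result Intent to the caller and closes this Activity.
     * Presumably wired to a button through android:onClick in the layout (not shown here).
     *
     * @param view the clicked view (unused)
     */
    public void onReturnResultClick(View view) {
        // *** POINT 3 *** The caller may be malware, so the result must not contain
        // sensitive information.
        Intent intent = new Intent();
        intent.putExtra("RESULT", "Not Sensitive Info");
        setResult(RESULT_OK, intent);
        finish();
    }
}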

3.PublicUserActivity.java

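package org.jssec.android.activity.publicuser;

import android.app.Activity;
import android.content.ActivityNotFoundException;
import android.content.Intent;
import android.os.Bundle;
import android.view.View;
import android.widget.Toast;

/**
 * Sample caller of a public Activity: starts it through an implicit Intent and
 * shows the result it returns.
 */
public class PublicUserActivity extends Activity {

    /** Request code used to match the result to the call made in onUseActivityClick. */
    private static final int REQUEST_CODE = 1;

    /**
     * Sets the layout.
     *
     * @param savedInstanceState state passed on to {@link Activity#onCreate(Bundle)}
     */
    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.main);
    }

    /**
     * Starts the Activity that handles org.jssec.android.activity.MY_ACTION and waits for
     * its result. Presumably wired to a button through android:onClick in the layout
     * (not shown here).
     *
     * @param view the clicked view (unused)
     */
    public void onUseActivityClick(View view) {
        try {
            // The Intent is implicit: any installed app that declares this action can
            // receive it, so the extras must not carry sensitive information.
            Intent intent = new Intent("org.jssec.android.activity.MY_ACTION");
            intent.putExtra("PARAM", "Not Sensitive Info");
            startActivityForResult(intent, REQUEST_CODE);
        } catch (ActivityNotFoundException e) {
            Toast.makeText(this, "Target activity not found.", Toast.LENGTH_LONG).show();
        }
    }

    /**
     * Displays the "RESULT" string extra returned by the started Activity.
     *
     * @param requestCode code given to startActivityForResult
     * @param resultCode result code set by the started Activity
     * @param data result Intent; may be null
     */
    @Override
    public void onActivityResult(int requestCode, int resultCode, Intent data) {
        super.onActivityResult(requestCode, resultCode, data);

        if (resultCode != RESULT_OK) {
            return;
        }
        switch (requestCode) {
            case REQUEST_CODE:
                // The responder is whichever app handled the implicit Intent, so the
                // result is untrusted. It can report RESULT_OK without attaching an
                // Intent, in which case data is null and must not be dereferenced.
                if (data == null) {
                    break;
                }
                String result = data.getStringExtra("RESULT");
                Toast.makeText(
                                this,
                                String.format("Received result: \"%s\"", result),
                                Toast.LENGTH_LONG)
                        .show();
                break;
            default:
                break;
        }
    }
}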