I know this question has been asked before but I still looking for better answers as not convinced with other solutions.
My use case is - I want to share the authentication information between two different mobile apps. Basically, if a user is successfully logged in into one app, and then if the user open another app, the user should be logged in.
Did research and found Content Provider to be the solution.
I did POC on the same and found it very useful. But with content provider, it is preferable to use the android:protectionLevel attribute set to signature protection so that only the app signed using the same key can query the data from content provider. In my case, the apps are not signed using the same key. Without this, I find content provider to be less helpful because I need to share the authentication information and security is the topmost priority. If I've over looked anything over here, please highlight.
What I can do on top of it is - I can store the data in content provider by encrypting and decrypting in the other app. Then the next challenge that comes is, how can I securely save the encryption/decryption keys in the android application itself? Should I share it in the CPP files from which it is harder to get the information?
Is there any other secure way to make the data information available in other apps?
PS: This question is like a problem solving question where I am seeking guidance that's why didn't post any code over here. That would have been redundant.
You can use a service with AIDL to communicate between apps:
https://developer.android.com/guide/components/aidl
You may also need to define a query for Android 11 (API level 30)