Sync adapter service exported but unprotected

Fellow Developers!

I have a sync adapter in my app and a corresponding sync service. I have declared everything, including the sync service, according to Google example code. The greater picture looks something like this:



        android:resource="@xml/syncadapter" />


While it makes sense to set the android:exported attribute to true on the service (enabling the Android system to reach it), I’m a bit puzzled on how to tie it down in terms of access rights. I don’t want anyone else but my app and the Android system to have access to the service.

Maybe a bit naively I have created my own permission for this:

    android:protectionLevel="signatureOrSystem" />

But reading up a bit on the protectionLevel makes me wonder even more. Google says:

Please avoid using this option […] “signatureOrSystem” permission is used for certain special situations where multiple vendors have applications built into a system image and need to share specific features explicitly because they are being built together.

The described scenario is far from my use case. The question then remains:

How do I secure my sync service so that the Android system, but no third party apps, can access it?

Any clarification would be greatly appreciated!


It doesn’t look like there is a SyncAdapter permission. I’m guessing that we can safely ignore the error. See the bug filed here:

Leave a Reply

Your email address will not be published. Required fields are marked *