Top critical review
460 people found this helpful
there are only 3 reasons for sticky broadcasts.
on January 5, 2013
1) malicious intent because a sticky broadcast will blow by any other security and be global to the entire system. So they can easily be used for very nefarious reasons. 2) lazy programming. 3) some valid reason for some system level application that you truly truly trust that actually would need such access (I cannot think of a single example of a user level application that would need this level of access).
Unexplained sticky intents in a radio app are EXTREMELY suspicious. They are global and they stick around forever. They also blow past all other permissions and security since they are intended to be used at the SYSTEM level only. No radio app ever needs that level of access! Ever ever ever! Sorry, but no way in heck will I install this and I will definitely warn people about it. I did "buy it" as the free app of the day but when I noticed the permissions I did not actually install it and I will not as long as they have these ridiculous permissions embedded in it. Shame on this developer for trying to pull a fast one (or so it seems).
In fact, here is a direct quote from a developer of Android itself: " Er... there is NO reason to use sticky broadcasts for communication within your own app. In fact, I'll go farther and say you just should not do this. Sticky broadcasts are GLOBAL to the system. And because of this, performing a sticky broadcast is multiple orders of magnitude slower than just implementing direct calls within your own app (IPC for each receiver to register, IPC to the system to send it, IPC from the system back to your app to deliver it, marshalling and unmarshalling of all the data within the Intent over both IPCs).
More than that, there is NO protection on them, so any other application can watch your sticky broadcasts, or even send their own values back to you. (Btw, this is also issue with using any broadcasts within your own app. Broadcasts are really there for cross-application communication. It is just far more efficient and easier to implement these things within an app by having a callback interface.)
Now I am really regretting that I made that function public. :/
> And of course, if you want out of application notifications, you have > no other option.
You do have the option of using a normal broadcast rather than a sticky broadcast. You'll notice that there are basically no sticky broadcasts used by the system, at least that you see in the public APIs. In fact there are some places they are used internally, but even those are slowly going away as we discover security holes with them because there is no way to protect who can receive the broadcast data."
If you Google a block of this post you will find the original source Amazon will not allow me to post a link to it. (Update you can find the link to this in Daniel's comment, below! Turns out that links seem to be okay in replies, just not in reviews? At least it wouldn't allow me to do it. No matter, it's there.)