All Android components can be secured using permissions. The following figure illustrates this concept:
Let's talk about permission declaration and enforcement for each component.
Any Activity can be secured by permission, by calling out the permission in Activity declaration in the
<activity> tag. For example, the Activity
OrderActivity with a custom permission
com.example.project.ORDER_BOOK will be declared as follows. Any component that tries to launch
OrderActivity needs to have this custom permission.
<activity android:name=".OrderActivity" android:permission="com.example.project.ORDER_BOOK" android:exported="false"/> ...