...
In this compliant solution the caller's identity is checked before any action is taken:
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<activity android:configChanges="keyboard|keyboardHidden|orientation" android:name=".media.yfrog.YfrogUploadDialog" android:theme="@style/ VulnerableTheme.Dialog" android:windowSoftInputMode="stateAlwaysHidden" android:exported="false"> </activity>TBD |
By declaring android:exported="false" for an activity tag in the AndroidManifest.xml file, the activity is restricted to only accept intents from within the same app or from an app with the same user ID.
...