...

By declaring android:exported="false" for an activity tag in the AndroidManifest.xml file, the activity is restricted to only accept intents from within the same app or from an app with the same user ID.
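The following Python script is an added example, not part of the original rule or of any app it discusses. It audits a manifest for activities that other apps can start. It goes slightly beyond the text: a missing android:exported attribute is treated as exported when an intent-filter is present (the default on older target SDKs), and android:permission is honored. The sample manifest and all names in it are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifest (not from Twicca or any real app).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".UploadDialog" android:exported="false">
      <intent-filter><action android:name="android.intent.action.SEND"/></intent-filter>
    </activity>
    <activity android:name=".ShareActivity" android:exported="true"
              android:permission="com.example.sample.permission.SHARE"/>
    <activity android:name=".SettingsActivity"/>
    <activity android:name=".LegacyActivity" android:exported="true"/>
  </application>
</manifest>
"""

def _attr(elem, name):
    # Manifest attributes live in the android: XML namespace.
    return elem.get("{%s}%s" % (ANDROID_NS, name))

def exported_activities(manifest_xml):
    """Return (name, reason) for activities other apps can start without holding a permission."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    app_perm = _attr(app, "permission") if app is not None else None
    findings = []
    for act in root.iter("activity"):
        exported = _attr(act, "exported")
        if exported == "true":
            reason = "explicitly exported"
        elif exported is None and act.find("intent-filter") is not None:
            reason = "exported by default (intent-filter present)"
        else:
            continue  # exported="false", or no intent-filter and no attribute
        if _attr(act, "permission") or app_perm:
            continue  # callers must hold the declared permission
        findings.append((_attr(act, "name"), reason))
    return findings

if __name__ == "__main__":
    for name, reason in exported_activities(SAMPLE_MANIFEST):
        print(name, "-", reason)
```

The launcher activity is reported because it has to be exported; each finding is an entry point to review, not necessarily a defect.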

Compliant Solution (Twicca)

This vulnerability was fixed in Twicca v0.9.31. Instead of declaring the activity with exported="false", Twicca fixed this vulnerability by validating the caller of the activity. In the onCreate() method of the activity class, code is added to check whether the package name of the caller is the same as the package name of the app itself. If they are different, the activity exits:

jp.r246.twicca.media.yfrog.YfrogUploadDialog

public void onCreate(Bundle arg5) {
	super.onCreate(arg5);
	...
	// getCallingActivity() returns null unless this activity was
	// started with startActivityForResult()
	ComponentName v0 = this.getCallingActivity();
	if(v0 == null) {
		// Caller cannot be identified: exit
		this.finish();
	}
	else if(!"jp.r246.twicca".equals(v0.getPackageName())) {
		// Caller belongs to a different package: exit
		this.finish();
	}
	else {
		// Caller is Twicca itself: continue with the intent data
		this.a = this.getIntent().getData();
		if(this.a == null) {
			this.finish();
		}
		...
	}
}

Risk Assessment

Acting on receipt of an intent without validating the caller's identity may lead to sensitive data being revealed or to denial of service.

...