...

This noncompliant code example shows an AndroidManifest.xml file for an application that exports the activity to other apps, but does not restrict access to its sensitive activity:

AndroidManifest.xml

<activity android:configChanges="keyboard|keyboardHidden|orientation" android:name=".media.yfrog.YfrogUploadDialog" android:theme="@style/Vulnerable.Dialog" android:windowSoftInputMode="stateAlwaysHidden">
	<intent-filter android:icon="@drawable/yfrog_icon" android:label="@string/YFROG">
		<action android:name="jp.co.vulnerable.ACTION_UPLOAD" />
		<category android:name="android.intent.category.DEFAULT" />
		<data android:mimeType="image/*" />
		<data android:mimeType="video/*" />
	</intent-filter>
</activity>
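One way to catch this pattern in review is to scan the manifest for activities that other apps can reach and that carry no android:permission. The script below is an added example, not part of the original guideline; the function name, the surrounding manifest, the package name and the three extra activities are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
MAIN_ACTION = "android.intent.action.MAIN"

# Constructed sample: the page's activity plus three hypothetical ones for contrast.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="jp.co.vulnerable">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN" />
        <category android:name="android.intent.category.LAUNCHER" />
      </intent-filter>
    </activity>
    <activity android:name=".media.yfrog.YfrogUploadDialog">
      <intent-filter>
        <action android:name="jp.co.vulnerable.ACTION_UPLOAD" />
        <category android:name="android.intent.category.DEFAULT" />
        <data android:mimeType="image/*" />
      </intent-filter>
    </activity>
    <activity android:name=".SettingsActivity" android:exported="false" />
    <activity android:name=".ShareActivity" android:permission="jp.co.vulnerable.permission.SHARE">
      <intent-filter><action android:name="jp.co.vulnerable.ACTION_SHARE" /></intent-filter>
    </activity>
  </application>
</manifest>"""

def _attr(elem, name):
    """Read an android:-namespaced attribute, or None if absent."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")

def find_unprotected_exported_activities(manifest_xml):
    """Return (activity name, actions) for activities any other app can start."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    app_permission = _attr(app, "permission") if app is not None else None
    findings = []
    for activity in root.iter("activity"):
        filters = activity.findall("intent-filter")
        exported = _attr(activity, "exported")
        # Without an explicit android:exported, an intent-filter makes the
        # activity exported by default (Android 12+ targets must declare it).
        is_exported = exported == "true" or (exported is None and bool(filters))
        if not is_exported or _attr(activity, "permission") or app_permission:
            continue
        actions = [_attr(a, "name") for f in filters for a in f.findall("action")]
        if actions and all(a == MAIN_ACTION for a in actions):
            continue  # launcher entry point, exported by design
        findings.append((_attr(activity, "name"), actions))
    return findings
```

A finding means any installed app can start the activity; the check does not evaluate whether a declared permission's protection level is strong enough.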

...