On Android, declaring an intent filter for an activity in the AndroidManifest.xml file means that the activity may be exported to other apps. If the activity is intended solely for the internal use of the app and an intent filter is declared, then any other app, including malware, can activate the activity for unintended use.
In the case of the vulnerability in the Twicca app (in versions 0.7.0 through 0.9.30, see the link below), by launching Twicca's activity, another app that does not have permission to access the SD card or network could upload images or movies stored on the SD card to a social networking service with the Twicca user's Twitter account.
...
An Android developer can arbitrarily choose a package name, so different app developers could choose the same package name. Therefore, it is generally not recommended to use the package name for validating the caller of the activity [JSSEC 2013]. The recommended alternative is to check the developer's certificate, instead of the package name.
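The certificate check recommended above can be sketched as follows. This is an added example, not code from the original page: the class name `SensitiveActivity` and the constant `TRUSTED_CERT_SHA256` are hypothetical, and it assumes API level 28 or later and a caller that starts the activity with `startActivityForResult()`.

```java
import android.app.Activity;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Bundle;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class SensitiveActivity extends Activity {
    // Placeholder (assumption): SHA-256 digest of the trusted developer's
    // signing certificate. The all-zero value never matches a real certificate.
    private static final byte[] TRUSTED_CERT_SHA256 = new byte[32];

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        if (!callerIsTrusted()) {
            finish();   // refuse to act for an unverified caller
            return;
        }
        // Only reached when the caller's certificate matched.
    }

    private boolean callerIsTrusted() {
        // getCallingPackage() is null unless the caller used
        // startActivityForResult(); an unknown caller is untrusted.
        String caller = getCallingPackage();
        if (caller == null) return false;
        try {
            PackageInfo info = getPackageManager().getPackageInfo(
                    caller, PackageManager.GET_SIGNING_CERTIFICATES);
            // Reject packages with no signing info or more than one signer.
            if (info.signingInfo == null
                    || info.signingInfo.hasMultipleSigners()) return false;
            Signature[] signers = info.signingInfo.getApkContentsSigners();
            if (signers == null || signers.length != 1) return false;
            // Compare the certificate digest, not the package name.
            byte[] digest = MessageDigest.getInstance("SHA-256")
                    .digest(signers[0].toByteArray());
            return MessageDigest.isEqual(digest, TRUSTED_CERT_SHA256);
        } catch (PackageManager.NameNotFoundException
                | NoSuchAlgorithmException e) {
            return false;   // fail closed
        }
    }
}
```

The package name is used here only to look up the caller's signing certificate; the trust decision rests on the certificate digest.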
...
- Only one app with a particular package name can exist on Google Play.
- If a user tries to install an app whose package name already exists on the device, the installation either will fail or will overwrite the previously installed app.
...
Acting on receipt of an intent without validating the caller's identity may lead to sensitive data being revealed, or to denial of service.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
DRD09-J | High | Probable | Medium | P12 | L1 |
...