...
Automatic detection of the receipt of an intent is straightforward. It is not feasible to automatically determine whether appropriate checks are made of the caller's identity or whether appropriate permission requirements have been set in the manifest.
Related Vulnerabilities
- JVN#31860555: twicca fails to restrict access permissions (https://jvn.jp/en/jp/JVN31860555/)
Related Guidelines
- Android Secure Coding Guidebook by JSSEC:
  - 4.1.1.1 Create and use private activity
  - 4.1.3.1 The combination of exported flag and the intent-filter
  - 4.1.3.2 Validate the caller of the activity
...