You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

On Android, declaring an intent filter for an activity in the AndroidManifest.xml file means exporting the activity to other apps. If the activity is intended solely for the internal use of the app and an intent filter is declared, any other apps including malware can activate the activity for unintended use.

In the case of the twicca app, by launching twicca's activity, another app that does not have permission to access the SD card or network could upload images or movies stored on the SD card to an SNS service with the twicca user's twitter account.

Noncompliant Code Example

This noncompliant code example shows an application that acts on receiving an intent without checking the caller's identity:

AndroidManifest.xml
<activity android:configChanges="keyboard|keyboardHidden|orientation" android:name=".media.yfrog.YfrogUploadDialog" android:theme="@style/Vulnerable.Dialog" android:windowSoftInputMode="stateAlwaysHidden">            
	<intent-filter android:icon="@drawable/yfrog_icon" android:label="@string/YFROG">
		<action android:name="jp.co.vulnerable.ACTION_UPLOAD" />                 
		<category android:name="android.intent.category.DEFAULT" />                 
		<data android:mimeType="image/*" />                 
		<data android:mimeType="video/*" />             
	</intent-filter>         
</activity>

Compliant Solution (Checking Caller's Identity)

In this compliant solution the caller's identity is checked before any action is taken:

TBD

Compliant Solution (Setting Permission Requirements)

This compliant solution shows the permissions set in the manifest that prevent a malicious application from triggering an inappropriate action:

TBD

Risk Assessment

Acting on receipt of an intent without validating the caller's identity may lead to sensitive data being revealed or to denial of service.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

DRD06-J

High

Probable

Medium

P12

L1

Automated Detection

Automatic detection of the receipt of an intent is straightforward. It is not feasible to automatically determine whether appropriate checks are made of the caller's identity or whether appropriate permission requirements have been set in the manifest.

Bibliography

  • No labels