(THIS CODING RULE OR GUIDELINE IS UNDER CONSTRUCTION)

A pending intent is an intent that can be given to another application for it to use later; see the PendingIntent class [Android API 2013]. The application receiving the pending intent can perform the operation(s) specified in the pending intent with the same permissions and the same identity as the application that produced the pending intent. Consequently, the pending intent should be built with care, and must always contain base intents that have the component name set explicitly to a component owned by the originating application. This ensures that the base intents are ultimately sent to appropriate locations and nowhere else. An implicit intent must never be included in a pending intent.

Noncompliant Code Example

This noncompliant code example shows an application that creates a pending intent containing an implicit intent.

TBD

An application could intercept the implicit intent and pass it on to an inappropriate location, while both the intent originator and the intent recipient would remain unaware that the intent had been intercepted.

Compliant Solution

In this compliant solution the pending intent contains an explicit intent that cannot be misdirected.

TBD
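The following Java sketch is an added illustration, not code from the original rule. It places an implicit base intent beside an explicit one and adds a guard that rejects any base intent whose component is not owned by the originating application. The class names, the action string, the "message" extra and the `requireOwnComponent` helper are assumptions made for the example.

```java
import android.app.PendingIntent;
import android.content.BroadcastReceiver;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.util.Log;

public final class PendingIntentExamples {
    // Hypothetical action name, used only for this illustration.
    private static final String ACTION_SHOW = "com.example.app.action.SHOW_MESSAGE";
    // FLAG_IMMUTABLE exists from API 23; the flags are the same in both methods
    // so that the only difference is implicit versus explicit targeting.
    private static final int FLAGS =
            PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE;

    private PendingIntentExamples() {}

    // Noncompliant: the base intent carries only an action, so any application
    // that registers a matching intent filter can receive it when it is sent.
    static PendingIntent noncompliant(Context context, String message) {
        Intent base = new Intent(ACTION_SHOW);            // no component set
        base.putExtra("message", message);
        return PendingIntent.getBroadcast(context, 0, base, FLAGS);
    }

    // Compliant: the base intent names a receiver owned by this application.
    static PendingIntent compliant(Context context, String message) {
        Intent base = new Intent(context, MessageReceiver.class);
        base.setAction(ACTION_SHOW);
        base.putExtra("message", message);
        return PendingIntent.getBroadcast(context, 0, requireOwnComponent(context, base), FLAGS);
    }

    // Guard (hypothetical helper): refuse to wrap a base intent that is implicit
    // or that targets a component outside the originating application's package.
    static Intent requireOwnComponent(Context context, Intent base) {
        ComponentName target = base.getComponent();
        if (target == null || !context.getPackageName().equals(target.getPackageName())) {
            throw new IllegalArgumentException(
                    "PendingIntent base intent must name a component of this application");
        }
        return base;
    }

    // Hypothetical receiver; it must also be declared in the application's manifest.
    public static class MessageReceiver extends BroadcastReceiver {
        @Override
        public void onReceive(Context context, Intent intent) {
            Log.i("MessageReceiver", "message received: " + intent.hasExtra("message"));
        }
    }
}
```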

Risk Assessment

Failing to pass an explicit intent to a pending intent could allow the intent to be misdirected, thereby leaking sensitive information and/or altering the data flow within an app.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
| --- | --- | --- | --- | --- | --- |
| DRD21-J | Medium | Probable | Medium | P8 | L2 |

Automated Detection

A straightforward static analysis can perform reasonably well at detecting violations of this rule.

Bibliography