Using an implicit intent can leak sensitive information to malicious apps or result in denial of service.

Rule      Severity  Likelihood  Remediation Cost  Priority  Level
DRD03-J   Medium    Probable    Medium            P8        L2

Automated Detection

Automatic detection of the use of Context.sendBroadcast() is trivial. It is not feasible to automatically determine whether LocalBroadcastManager.sendBroadcast() can be used instead.

Tool      Version   Checker     Description
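A minimal scanner for the detection point above, added here as an example; it is not part of the original rule page or of any listed tool. It reports every sendBroadcast() call and separates those made on a LocalBroadcastManager from the rest, leaving a reviewer to decide whether a local broadcast would suffice. The sample Java source, class name and action string are constructed for illustration.

```python
import re

# Constructed sample source (not from the page).
SAMPLE_JAVA = '''
public class ServerService extends Service {
    private LocalBroadcastManager lbm;

    void publishToken(String token) {
        Intent intent = new Intent("com.example.ACTION_TOKEN"); // implicit intent
        intent.putExtra("token", token);
        sendBroadcast(intent);
        // sendBroadcast(old) is commented out and must not be reported
        lbm.sendBroadcast(intent);
        LocalBroadcastManager.getInstance(this).sendBroadcast(intent);
        getApplicationContext().sendBroadcast(intent);
    }
}
'''

# String literals are matched first so "//" inside one is not read as a comment.
TOKEN = re.compile(r'"(?:\\.|[^"\\\n])*"|//[^\n]*|/\*.*?\*/', re.S)
LBM_DECL = re.compile(r'\bLocalBroadcastManager\s+(\w+)\s*[;=,)]')
CALL = re.compile(r'\bsendBroadcast\s*\(')

def blank_comments(src):
    """Replace comments with spaces, keeping offsets and line numbers intact."""
    def repl(m):
        text = m.group()
        return text if text.startswith('"') else re.sub(r'[^\n]', ' ', text)
    return TOKEN.sub(repl, src)

def find_broadcasts(src):
    """Return (line, receiver, kind) for every sendBroadcast() call in src."""
    code = blank_comments(src)
    local_vars = set(LBM_DECL.findall(code))  # fields/locals typed LocalBroadcastManager
    results = []
    for m in CALL.finditer(code):
        # Receiver = text between the previous statement boundary and the call.
        start = max(code.rfind(c, 0, m.start()) for c in ';{}') + 1
        prefix = code[start:m.start()].strip()
        receiver = prefix[:-1].strip() if prefix.endswith('.') else 'this'
        is_local = 'LocalBroadcastManager' in receiver or receiver in local_vars
        line = code.count('\n', 0, m.start()) + 1
        results.append((line, receiver, 'local' if is_local else 'context'))
    return results

if __name__ == '__main__':
    for line, receiver, kind in find_broadcasts(SAMPLE_JAVA):
        note = 'review: can LocalBroadcastManager be used?' if kind == 'context' else 'ok'
        print(f'line {line}: {receiver}.sendBroadcast() -> {note}')
```

Calls tagged `context` are candidates for review only; the scanner cannot tell whether the receivers live in the same process, which is the part the rule says cannot be automated.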

Related Vulnerabilities

  • JVN#67435981 LINE for Android vulnerable in handling of implicit intents
  • JVN#42625179 Loctouch for Android vulnerable in handling of implicit intents

Related Guidelines

Android Secure Design / Secure Coding Guidebook by JSSEC: 4.2.2.5. When sending sensitive information with a broadcast, limit the receivable receiver
