...

Acting on receipt of an intent without validating the caller's identity may lead to sensitive data being revealed, or to denial of service.
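The following is an added example (not code from the CERT rule page) of an activity that refuses to act on an incoming intent until the caller's identity has been checked; the activity, the trusted package name and the "query" extra are placeholders, and the signature check assumes the trusted caller is signed with the same key as this app (the in-house case covered by the JSSEC guidance cited below). The manifest would additionally mark the activity as not exported, or guard it with a signature-level permission, so that the check here is a second line of defence rather than the only one.

```java
import android.app.Activity;
import android.content.ComponentName;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.os.Bundle;

// Added example, not from the CERT rule page. A sensitive activity that
// validates who started it before it reads the intent or reveals anything.
public class SensitiveActivity extends Activity {
    // Placeholder: the package this activity is willing to serve.
    private static final String TRUSTED_PACKAGE = "com.example.trustedcaller";

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);

        // getCallingActivity() is only populated when the caller used
        // startActivityForResult(); null means the sender's identity cannot
        // be established, so the request is refused rather than trusted.
        ComponentName caller = getCallingActivity();
        if (caller == null || !isTrustedCaller(caller.getPackageName())) {
            setResult(RESULT_CANCELED);
            finish();   // deny: no extras are read, no data is shown
            return;
        }

        // Only a validated caller reaches this point.
        Intent intent = getIntent();
        String query = intent.getStringExtra("query"); // hypothetical extra
        showSensitiveData(query);
    }

    // A package name alone is not proof of identity: if the trusted app is
    // not installed, another app could claim its name. Comparing signing
    // certificates ties the name to the key that actually signed the caller.
    private boolean isTrustedCaller(String callerPackage) {
        if (!TRUSTED_PACKAGE.equals(callerPackage)) {
            return false;
        }
        PackageManager pm = getPackageManager();
        return pm.checkSignatures(getPackageName(), callerPackage)
                == PackageManager.SIGNATURE_MATCH;
    }

    private void showSensitiveData(String query) {
        // Hypothetical: render the data that is only reachable after the
        // caller check above has passed.
    }
}
```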

Rule      Severity  Likelihood  Remediation Cost  Priority  Level
DRD09-J   High      Probable    Medium            P12       L1

Automated Detection

Automatic detection of the receipt of an intent is straightforward. It is not feasible to automatically determine whether appropriate checks are made of the caller's identity or whether appropriate permission requirements have been set in the manifest.

Tool  Version  Checker  Description

Related Vulnerabilities

  • JVN#31860555: Twicca fails to restrict access permissions

Related Guidelines

Android Secure Design / Secure Coding Guidebook by JSSEC

4.1.1.1. Creating/using private activities
4.1.3.1. Combining exported attributes and intent filter settings (for activities)
4.1.3.2. Validating the requesting application

Bibliography

[JSSEC 2014] 4.1 To use and to make an activity

...