Blog Infos
Author
Published
Topics
Author
Published
Introduction
Example #1 β€” β€˜Mis-Intent-ion’
Exploiting Exports

Image credit: https://blog.mzfr.me/posts/2020-11-07-exported-activities

Job Offers

Job Offers

There are currently no vacancies.

OUR VIDEO RECOMMENDATION

No results found.

Jobs

In the companion app written for my talk, this is demonstrated through misconfiguring an activity MainActivity to be exportable despite it normally requiring ‘authentication’ to access it from within the app.

<activity
android:name=".login.LoginActivity"
android:exported="true">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
<activity
android:name=".home.MainActivity"
android:exported="true" />

As MainActivity is exportable, it is possible to simply call adb to have the system open the activity and thus bypass the need for authentication.

adb shell am start -n dev.spght.owasp/dev.spght.owasp.home.MainActivity
view raw adb.sh hosted with ❤ by GitHub
The Fix
<!-- In the main application -->
<permission android:name="dev.spght.permission.example.MY_PERMISSION"
android:protectionLevel="signature"
android:label="A custom permission" />
<!-- In the secondary application -->
<uses-permission android:name="dev.spght.permission.example.MY_PERMISSION"/>
Next up πŸš€
Thanks 🌟
Further Reading

YOU MAY BE INTERESTED IN

YOU MAY BE INTERESTED IN

blog
πŸ‘‹ Hi and welcome to the third post in this series where we deep-dive…
READ MORE
blog
Protect your user’s privacy and adhere to possible technical requirements
READ MORE
blog
Security and privacy are the two most talked about topics these days. Like any…
READ MORE
blog
πŸ‘‹ Hi and welcome to the second post in this series where we deep-dive…
READ MORE
Menu