Blog Infos
Author
Published
Topics
Author
Published
Introduction
Example #1 — ‘Mis-Intent-ion’
Exploiting Exports

Image credit: https://blog.mzfr.me/posts/2020-11-07-exported-activities

Job Offers

Job Offers


    Mobile Engineer

    OLX Group
    Remote, Portugal, Spain, Romania, Poland
    • Full Time
    apply now

    Kotlin Multiplatform Mobile Developer

    Touchlab
    Remote
    • Full Time
    apply now

    Android Software Engineer (f/m/d)

    Paradox Cat GmbH
    Munich
    • Full Time
    apply now
Load more listings

OUR VIDEO RECOMMENDATION

, ,

From Scoped Storage to Photo Picker: Everything to know about Storage

Persistence is a core element of every mobile app. Android provides different APIs to access or expose files with different tradeoffs.
Watch Video

From Scoped Storage to Photo Picker: Everything to know about Storage

Yacine Rezgui
Android developer advocate
Google

From Scoped Storage to Photo Picker: Everything to know about Storage

Yacine Rezgui
Android developer ad ...
Google

From Scoped Storage to Photo Picker: Everything to know about Storage

Yacine Rezgui
Android developer advocat ...
Google

Jobs

In the companion app written for my talk, this is demonstrated through misconfiguring an activity MainActivity to be exportable despite it normally requiring ‘authentication’ to access it from within the app.

<activity
android:name=".login.LoginActivity"
android:exported="true">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
<activity
android:name=".home.MainActivity"
android:exported="true" />

As MainActivity is exportable, it is possible to simply call adb to have the system open the activity and thus bypass the need for authentication.

adb shell am start -n dev.spght.owasp/dev.spght.owasp.home.MainActivity
view raw adb.sh hosted with ❤ by GitHub
The Fix
<!-- In the main application -->
<permission android:name="dev.spght.permission.example.MY_PERMISSION"
android:protectionLevel="signature"
android:label="A custom permission" />
<!-- In the secondary application -->
<uses-permission android:name="dev.spght.permission.example.MY_PERMISSION"/>
Next up 🚀
Thanks 🌟
Further Reading

YOU MAY BE INTERESTED IN

YOU MAY BE INTERESTED IN

blog
👋 Hi and welcome to the third post in this series where we deep-dive…
READ MORE
blog
Security and privacy are the two most talked about topics these days. Like any…
READ MORE
blog
👋 Hi and welcome to the second post in this series where we deep-dive…
READ MORE
blog
When I first released my open-source certificate transparency library for Android and the JVM,…
READ MORE

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.

Menu