Blog Infos
Author
Published
Topics
Author
Published
Introduction
Example #1 — ‘Mis-Intent-ion’
Exploiting Exports

Image credit: https://blog.mzfr.me/posts/2020-11-07-exported-activities

Job Offers

Job Offers


    Lead Android Engineer

    ASOS
    London
    • Full Time
    apply now

    Android Engineer

    American Express
    New York
    • Full Time
    apply now

    Senior Android Developer

    Komoot
    remote
    • Full Time
    apply now
Load more listings

OUR VIDEO RECOMMENDATION

, ,

The Evolution of Android Graphics in Android 12/13

Android 12 and 13 both added significant new capabilities to Android platform graphics, including RenderEffect, RuntimeShader, and more. At the same time, RenderScript has been deprecated and we’ve introduced the RenderScript Intrinsics Replacement Toolkit. This…
Watch Video

The Evolution of Android Graphics in Android 12/13

Daniel Galpin
Android Developer Advocate and Fast Talking YouTuber
Google

The Evolution of Android Graphics in Android 12/13

Daniel Galpin
Android Developer Ad ...
Google

The Evolution of Android Graphics in Android 12/13

Daniel Galpin
Android Developer Advocat ...
Google

Jobs

In the companion app written for my talk, this is demonstrated through misconfiguring an activity MainActivity to be exportable despite it normally requiring ‘authentication’ to access it from within the app.

<activity
android:name=".login.LoginActivity"
android:exported="true">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
<activity
android:name=".home.MainActivity"
android:exported="true" />

As MainActivity is exportable, it is possible to simply call adb to have the system open the activity and thus bypass the need for authentication.

adb shell am start -n dev.spght.owasp/dev.spght.owasp.home.MainActivity
view raw adb.sh hosted with ❤ by GitHub
The Fix
<!-- In the main application -->
<permission android:name="dev.spght.permission.example.MY_PERMISSION"
android:protectionLevel="signature"
android:label="A custom permission" />
<!-- In the secondary application -->
<uses-permission android:name="dev.spght.permission.example.MY_PERMISSION"/>
Next up 🚀
Thanks 🌟
Further Reading

YOU MAY BE INTERESTED IN

YOU MAY BE INTERESTED IN

blog
Security and privacy are the two most talked about topics these days. Like any…
READ MORE
blog
👋 Hi and welcome to the second post in this series where we deep-dive…
READ MORE
blog
When I first released my open-source certificate transparency library for Android and the JVM,…
READ MORE

Leave a Reply

Your email address will not be published.

Fill out this field
Fill out this field
Please enter a valid email address.

Menu