Embedded Files
This lab illustrates how to prevent intra-app IPC intent eavesdropping with explicit intent instead of implicit intent.
There are two types of intents:
- Explicit intents specify which application will satisfy the intent, by supplying either the target app's package name or a fully-qualified component class name. You'll typically use an explicit intent to start a component in your own app, because you know the class name of the activity or service you want to start. For example, you might start a new activity within your app in response to a user action, or start a service to download a file in the background.
- Implicit intents do not name a specific component, but instead declare a general action to perform, which allows a component from another app to handle it. For example, if you want to show the user a location on a map, you can use an implicit intent to request that another capable app show a specified location on a map.
In the previous hands-on lab, the information attached on an implicit intent can be eavesdropped by a malicious app. Hence if communication happens inside one app, we should use an explicit intent with a specified receiver.
MainActivity.java
package example.com.interappsender;
import android.content.Intent;
import android.os.Bundle;
import android.support.v7.app.AppCompatActivity;
import android.view.View;
import android.widget.EditText;
public class MainActivity extends AppCompatActivity {
private EditText email, phone;
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
email = findViewById(R.id.email);
phone = findViewById(R.id.phone);
}
public void onClick(View view) {
Intent intent = new Intent(this,MyReceiver.class);
intent.putExtra("Email",email.getText().toString());
intent.putExtra("Phone",phone.getText().toString());
sendBroadcast(intent);
}
}
After modifying the implicit intent to explicit intent, the malicious app cannot eavesdrop the sensitive information which attached on the intent.
Page updated
Google Sites
Report abuse