This lab illustrates the implicit Intent spoofing vulnerability and shows how to protect an app's internal (intra-app) IPC against it: setting the component's android:exported attribute to "false" blocks Intents injected by other applications. To protect against implicit Intent spoofing attacks, there are several things we have to do.
For the private components of your application, specify the android:exported attribute explicitly with the value "false". Do not rely on the default: a component that declares an <intent-filter> is exported by default on older Android versions, and since Android 12 (API level 31) the system requires components with an intent filter to declare android:exported explicitly. For the receiver used in this lab:
<receiver android:name=".MyBroadCastReceiver"
    android:exported="false">
</receiver>
For the public activities:
In the previous hands-on lab, the BroadcastReceiver app could be spoofed with an implicit Intent. To prevent this, we specify the android:exported attribute with the value "false" on the receiver, which means modifying only one place in our code.
AndroidManifest.xml
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="example.com.broadcastreceiver"
    android:versionCode="1"
    android:versionName="1.0" >
    <application
        android:allowBackup="true"
        android:icon="@mipmap/ic_launcher"
        android:label="@string/app_name"
        android:theme="@style/AppTheme" >
        <activity
            android:name=".MainActivity"
            android:label="@string/app_name" >
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>
        <activity android:name=".SecondActivity"></activity>
        <activity android:name=".ThirdActivity"></activity>
        <!-- Specify the android:exported attribute with value "false" -->
        <receiver android:name=".MyBroadCastReceiver" android:exported="false">
            <intent-filter>
                <action android:name="com.example.MyBroadcast"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
After we change the attribute from "true" to "false", the BroadcastReceiver is no longer reachable from other applications: an implicit Intent broadcast by another app with the action com.example.MyBroadcast is not delivered to it, and only Intents sent from within the same app (or by the system) still reach it. Note that the intent filter remains useful for in-app broadcasts; it simply no longer makes the component public.
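The manifest check above is easy to get wrong by hand, so here is an added example (not part of the original lab, and not the lab app's own code) of a small Python auditor that parses an AndroidManifest.xml and reports which components are reachable by another app's Intent. It applies the rule stated above as an assumption: a component is effectively exported when android:exported="true", or when the attribute is absent and the component declares an <intent-filter>. The two manifests embedded below are constructed for this example, modelled on the lab's app before and after the fix; the receiver name and action string are taken from the lab, the rest is illustrative.

```python
"""Audit an AndroidManifest.xml for components reachable from other apps.

Added example, not the lab's code. Assumption used for the audit: a
component is effectively exported when android:exported="true", or when
android:exported is absent and the component declares an <intent-filter>
(the pre-Android-12 default; Android 12+ rejects that omission at install).
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = {"activity", "activity-alias", "service", "receiver", "provider"}


def _attr(elem, name):
    """Read an android:-namespaced attribute, or None if it is absent."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def classify_component(comp):
    """Return how reachable one manifest component is from other apps."""
    exported = _attr(comp, "exported")
    has_filter = comp.find("intent-filter") is not None
    if exported is not None and exported.lower() == "false":
        return "private"                # explicit opt-out: the fix shown in the lab
    if exported is None and not has_filter:
        return "private"                # no attribute, no filter: not exported by default
    # From here on the component is effectively exported.
    if _attr(comp, "permission"):
        return "exported-permission"    # guarded, but only as strong as that permission's protectionLevel
    if exported is None:
        return "implicit-export"        # exported only because of the intent-filter default
    return "exported-unprotected"       # android:exported="true" with no permission


def audit_manifest(manifest_xml):
    """Map each component's android:name to its classification."""
    root = ET.fromstring(manifest_xml)
    return {
        _attr(comp, "name"): classify_component(comp)
        for comp in root.iter()
        if comp.tag in COMPONENT_TAGS
    }


def spoofable_components(manifest_xml):
    """Names of components that another app can target with an Intent and no permission."""
    return sorted(name for name, status in audit_manifest(manifest_xml).items()
                  if status in ("exported-unprotected", "implicit-export"))


# Constructed sample manifest modelled on the lab app *before* the fix.
MANIFEST_BEFORE = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="example.com.broadcastreceiver">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN" />
        <category android:name="android.intent.category.LAUNCHER" />
      </intent-filter>
    </activity>
    <activity android:name=".SecondActivity" />
    <receiver android:name=".MyBroadCastReceiver" android:exported="true">
      <intent-filter>
        <action android:name="com.example.MyBroadcast" />
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# The same manifest with the lab's fix applied to the receiver.
MANIFEST_AFTER = MANIFEST_BEFORE.replace('android:exported="true"', 'android:exported="false"')


if __name__ == "__main__":
    for label, manifest in (("before", MANIFEST_BEFORE), ("after", MANIFEST_AFTER)):
        print(label, audit_manifest(manifest))
        print("  spoofable:", spoofable_components(manifest))
```

Run against the "before" manifest the auditor flags .MyBroadCastReceiver as exported and unprotected; after the fix it is reported as private and drops out of the spoofable list. The launcher activity is still listed, because its MAIN/LAUNCHER intent filter necessarily makes it public; that is expected for an entry point, but it is also a reminder that every component with an intent filter needs an explicit android:exported decision.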