Pre-Lab

Learning Objectives

• • To understand the fundamental concepts of intent spoofing in Android programming.

  • To understand the dangers of intent spoofing

  • To understand the basic defensive practice skills against intent spoofing.

Broadcast receivers are used to handle asynchronous requests initiated via an intent.

By default, receivers are exported and can be invoked by any other application. If your BroadcastReceivers is intended for use by other applications, you may want to apply security permissions to receivers using the <receiver> element within the application manifest. This will prevent applications without appropriate permissions from sending an intent to the BroadcastReceivers.

There two types of intent: Explicit intents has its explicit recipient and Implicit intents does not name its explicit recipient, and it will notify an appropriate component based on the specification of the intent.

This figure illustrates the concept of intent spoofing where comp1 and comp2 are two Android components(Activity, Service, or BroadCastReceiver) and app1 is a victim. The comp2 in App1 expects to get intent with data from Comp1 in the same App1 but instead, it gets a malicious injection via an implicit intent sent by a Malicious app. This is an inter-app intent spoofing which can be prevented by explicit intent, setting an exported attribute to false, claiming permission requirement by app1.

To receive an implicit intent an Android component must register the implicit intent with an intent filter specifying the kinds of intents it is interesting. Implicit intents are useful for an app to request a service function without knowing exactly the service function provider. It provides flexibility in run-time binding of components

Intent spoofing is an attack where a malicious application induces or injects undesired behavior to a component via implicit intent which only expects to receive intents from other components within the same app. By default, a component only receives intents from other components in the same application, but it can also accept intents from other apps if the android: exported attribute is set in the manifest XML.

Exporting attribute allows all applications to send intents to that component even opens a door for explicit intent. In other words, If your application uses an exported component, a malicious application can send an intent to it which is an intent spoofing attack. Misused or overused or used implicit intent will result in intent spoofing which may cause DoS and phishing attacks.

An Android developer should not let a component exposed to other applications to make itself vulnerable to attacks. Typically, a broadcast Receiver is vulnerable to broadcast injection, in which the receiving component thought the malicious broadcast came from another app is what it expects within the same app. Activities and Services may also be spoofed/vulnerable to fake activation or bind attacks.