Access Control issues Part 1-3

Description :

Caused by the use of an intent-filter inside the Manifest file.


Recommendation :

Show an app chooser

If the implicit Intent can be handled by more than one app on the user's device, show an app chooser.
This helps users transfer sensitive information to apps they trust.

import android.content.Intent
import android.content.pm.PackageManager
import android.content.pm.ResolveInfo

// Runs inside an Activity, which provides packageManager, resources and startActivity().
val intent = Intent(Intent.ACTION_SEND)
val possibleActivitiesList: List<ResolveInfo> =
    packageManager.queryIntentActivities(intent, PackageManager.MATCH_ALL)

// Verify that an activity in at least two apps on the user's device
// can handle the intent. Otherwise, start the intent only if an app
// on the user's device can handle the intent.
if (possibleActivitiesList.size > 1) {
    // Create intent to show chooser.
    // Title is something similar to "Share this photo with".
    val chooser = resources.getString(R.string.chooser_title).let { title ->
        Intent.createChooser(intent, title)
    }
    startActivity(chooser)
} else if (intent.resolveActivity(packageManager) != null) {
    startActivity(intent)
}


More Recommendations :

Disallow access to your app's content providers

Unless you intend to send data from your app to another app (one that is not yours),
do not allow other apps to access the ContentProviders that your app has.
If your app can be installed on Android 4.1.1 (API level 16) or lower,
the android:exported attribute will be "true" by default.
Therefore, the further advice is to set android:exported="false"
so that other apps cannot access the ContentProviders your app has.

<provider
  android:name="android.support.v4.content.FileProvider"
  android:authorities="com.example.myapp.fileprovider"
       ...
  android:exported="false">
  <!-- Place child elements of <provider> here. -->
</provider>
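
One way to check a manifest for the two problems described on this page, as an added example that is not code from the original post: it lists components other apps can reach because of an intent-filter or because of the provider default on API level 16 or lower. The manifest is a constructed sample; audit_manifest and the component names other than the FileProvider are hypothetical, android:permission is not considered, and the intent-filter default is assumed to apply (apps targeting Android 12 or higher must set android:exported explicitly).

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (decoded text form), not from the original post.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.myapp">
  <uses-sdk android:minSdkVersion="16" />
  <application>
    <activity android:name=".AdminActivity">
      <intent-filter>
        <action android:name="com.example.myapp.ADMIN" />
      </intent-filter>
    </activity>
    <activity android:name=".InternalActivity" />
    <provider android:name=".NotesProvider"
              android:authorities="com.example.myapp.notes" />
    <provider android:name="android.support.v4.content.FileProvider"
              android:authorities="com.example.myapp.fileprovider"
              android:exported="false" />
  </application>
</manifest>"""


def audit_manifest(xml_text):
    """Return (tag, name, reason) for each component other apps can reach."""
    root = ET.fromstring(xml_text)
    sdk = root.find("uses-sdk")
    min_sdk = int(sdk.get(ANDROID + "minSdkVersion", "1")) if sdk is not None else 1
    findings = []
    for comp in root.iter():
        if comp.tag not in ("activity", "service", "receiver", "provider"):
            continue
        name = comp.get(ANDROID + "name")
        exported = comp.get(ANDROID + "exported")
        has_filter = comp.find("intent-filter") is not None
        if exported == "true":
            findings.append((comp.tag, name, "explicitly exported"))
        elif exported is None and comp.tag == "provider" and min_sdk <= 16:
            # Providers default to exported on API level 16 or lower.
            findings.append((comp.tag, name, "exported by default, minSdk <= 16"))
        elif exported is None and comp.tag != "provider" and has_filter:
            # An intent-filter makes the component exported by default.
            findings.append((comp.tag, name, "exported by default, intent-filter"))
    return findings


if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST):
        print(finding)
```

Each finding is a component to either mark android:exported="false" or review as an intended entry point.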


Reference : 
