CodeQL documentation

Leaking sensitive information through an implicit Intent

ID: java/android/sensitive-communication
Kind: path-problem
Security severity: 8.2
Severity: warning
Precision: medium
Tags:
- security
- external/cwe/cwe-927
Query suites:
- java-security-extended.qls
- java-security-and-quality.qls


When an implicit Intent (one with no explicit target component) is passed to a method such as startActivity, startService, or sendBroadcast, it may be delivered to any other application on the device whose intent filter matches it.

This means that sensitive data carried in these Intents may be leaked to those applications.

Recommendation

For sendBroadcast methods, a receiver permission may be specified so that only applications holding that permission can receive the Intent; alternatively, a LocalBroadcastManager may be used so the broadcast never leaves the application's own process. Otherwise, ensure that Intents containing sensitive data have an explicit receiver class set.

Example

The following example contrasts insecure and secure ways of broadcasting Intents. In the 'BAD' case, no receiver permission is specified, so any application can receive the Intent. In the 'GOOD' cases, either a receiver permission or an explicit receiver application is specified.

public void sendBroadcast1(Context context, String token, String refreshToken) {
    {
        // BAD: broadcast sensitive information to all listeners
        Intent intent = new Intent();
        intent.setAction("com.example.custom_action");
        intent.putExtra("token", token);
        intent.putExtra("refreshToken", refreshToken);
        context.sendBroadcast(intent);
    }
    {
        // GOOD: broadcast sensitive information only to those with permission
        Intent intent = new Intent();
        intent.setAction("com.example.custom_action");
        intent.putExtra("token", token);
        intent.putExtra("refreshToken", refreshToken);
        context.sendBroadcast(intent, "com.example.user_permission");
    }
    {
        // GOOD: broadcast sensitive information to a specific application
        Intent intent = new Intent();
        intent.setAction("com.example.custom_action");
        intent.setClassName("com.example2", "com.example2.UserInfoHandler");
        intent.putExtra("token", token);
        intent.putExtra("refreshToken", refreshToken);
        context.sendBroadcast(intent);
    }
}
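The recommendation above also covers the startActivity case and the LocalBroadcastManager alternative, which the query's own example does not show. The following is an added example, not code from the CodeQL page; the class names SessionActivity and SessionIntents, the action strings, and the use of the AndroidX localbroadcastmanager artifact are assumptions made for illustration.

```java
import android.app.Activity;
import android.content.Context;
import android.content.Intent;
import androidx.localbroadcastmanager.content.LocalBroadcastManager;

// Hypothetical in-app Activity that displays the session (assumed name).
class SessionActivity extends Activity {
}

public class SessionIntents {
    // Hypothetical action string (assumed, not from the original page).
    static final String ACTION_TOKEN_REFRESHED = "com.example.TOKEN_REFRESHED";

    // BAD: implicit Intent. Only an action is set, so any installed app whose
    // manifest declares a matching intent filter may be chosen to handle it,
    // and it would receive the token extra. This is what the query reports.
    public static void showSessionImplicit(Context context, String token) {
        Intent intent = new Intent("com.example.SHOW_SESSION");
        intent.putExtra("token", token);
        context.startActivity(intent);
    }

    // GOOD: explicit Intent. The target component is fixed to a class in this
    // application, so no other app can be resolved as the receiver.
    public static void showSessionExplicit(Context context, String token) {
        Intent intent = new Intent(context, SessionActivity.class);
        intent.putExtra("token", token);
        context.startActivity(intent);
    }

    // GOOD: in-process delivery. LocalBroadcastManager dispatches only to
    // receivers registered in this process, so the Intent never reaches
    // the system-wide broadcast mechanism or other applications.
    public static void notifyTokenRefreshed(Context context, String token) {
        Intent intent = new Intent(ACTION_TOKEN_REFRESHED);
        intent.putExtra("token", token);
        LocalBroadcastManager.getInstance(context).sendBroadcast(intent);
    }
}
```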
