UnsafeIntentLaunchViolation
class UnsafeIntentLaunchViolation : Violation
Violation raised when your app launches an Intent which originated from outside your app.
Violations may indicate security vulnerabilities in the design of your app, where a malicious app could trick you into granting Uri permissions or launching unexported components. Here are some typical design patterns that can be used to safely resolve these violations:
- The ideal approach is to migrate to using a PendingIntent, which ensures that your launch is performed using the identity of the original creator, completely avoiding the security issues described above.
- If using a PendingIntent isn't feasible, an alternative approach is to create a brand new Intent and carefully copy only specific values from the original Intent after careful validation.
Note that this may report false positives if your app sends itself an Intent which is first routed through the OS, such as when using android.content.Intent#createChooser. In these cases, careful inspection is required to determine if the return point into your app is appropriately protected with a signature permission or marked as unexported. If the return point is not protected, your app is likely vulnerable to malicious apps.
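The second pattern above (build a new Intent and copy only validated values), sketched as an added example that is not part of the Android reference. The activity name, extra keys, ID format and allowlisted class names are hypothetical, and the typed getParcelableExtra overload assumes API level 33 or later.

```kotlin
import android.app.Activity
import android.content.Intent
import android.os.Bundle

// Hypothetical forwarding activity: it receives a nested Intent from a caller
// and launches a sanitized copy instead of the original.
class ForwardingActivity : Activity() {

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        // Untrusted: any app able to start this activity controls this nested Intent.
        val untrusted: Intent? = intent.getParcelableExtra(EXTRA_NEXT, Intent::class.java)
        sanitize(untrusted)?.let { startActivity(it) }
        finish()
    }

    /** Builds a fresh Intent from validated fields only; returns null if validation fails. */
    private fun sanitize(untrusted: Intent?): Intent? {
        if (untrusted == null) return null
        val target = untrusted.component ?: return null
        // Accept only explicit targets inside this app that are on the allowlist.
        if (target.packageName != packageName) return null
        if (target.className !in ALLOWED_TARGETS) return null

        // Copy one specific extra, and only if it matches the expected shape.
        val itemId = untrusted.getStringExtra(EXTRA_ITEM_ID) ?: return null
        if (!ITEM_ID_PATTERN.matches(itemId)) return null

        // New Intent: the original's flags, data Uri, ClipData and remaining
        // extras are deliberately left behind, so Uri permission grant flags
        // set by the sender cannot ride along.
        return Intent()
            .setClassName(packageName, target.className)
            .putExtra(EXTRA_ITEM_ID, itemId)
    }

    private companion object {
        // Constructed sample values, not real identifiers.
        const val EXTRA_NEXT = "com.example.app.extra.NEXT"
        const val EXTRA_ITEM_ID = "com.example.app.extra.ITEM_ID"
        val ITEM_ID_PATTERN = Regex("[A-Za-z0-9_-]{1,64}")
        val ALLOWED_TARGETS = setOf(
            "com.example.app.DetailActivity",
            "com.example.app.SettingsActivity",
        )
    }
}
```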
Summary
Public methods
Intent? | getIntent(): Return the Intent which caused this violation to be raised.
Public constructors
UnsafeIntentLaunchViolation
UnsafeIntentLaunchViolation(intent: Intent)
Parameters
intent | Intent: This value cannot be null.
Public methods
getIntent
fun getIntent(): Intent?
Return the Intent which caused this violation to be raised. Note that this value is not available if this violation has been serialized since intents cannot be serialized.
Return
Intent? | This value may be null.