UnsafeIntentLaunchViolation
class UnsafeIntentLaunchViolation : Violation
Violation raised when your app launches an Intent which originated from outside your app.
Violations may indicate security vulnerabilities in the design of your app, where a malicious app could trick you into granting Uri permissions or launching unexported components. Here are some typical design patterns that can be used to safely resolve these violations:
- The ideal approach is to migrate to using a
PendingIntent, which ensures that your launch is performed using the identity of the original creator, completely avoiding the security issues described above.
- If using a
PendingIntent isn't feasible, an alternative approach is to create a brand new Intent and carefully copy only specific values from the original Intent after careful validation.
Note that this may detect false-positives if your app sends itself an Intent which is first routed through the OS, such as using android.content.Intent#createChooser. In these cases, careful inspection is required to determine if the return point into your app is appropriately protected with a signature permission or marked as unexported. If the return point is not protected, your app is likely vulnerable to malicious apps.
Summary
| Public methods |
| Intent? |
Return the Intent which caused this violation to be raised.
|
Public constructors
UnsafeIntentLaunchViolation
UnsafeIntentLaunchViolation(intent: Intent)
| Parameters |
intent |
Intent: This value cannot be null. |
Public methods
getIntent
fun getIntent(): Intent?
Return the Intent which caused this violation to be raised. Note that this value is not available if this violation has been serialized since intents cannot be serialized.
| Return |
Intent? |
This value may be null. |
