Added in API level 31

UnsafeIntentLaunchViolation


class UnsafeIntentLaunchViolation : Violation
kotlin.Any
   ↳ kotlin.Throwable
   ↳ android.os.strictmode.Violation
   ↳ android.os.strictmode.UnsafeIntentLaunchViolation

Violation raised when your app launches an Intent which originated from outside your app.

Violations may indicate security vulnerabilities in the design of your app, where a malicious app could trick you into granting Uri permissions or launching unexported components. Here are some typical design patterns that can be used to safely resolve these violations:

  • The ideal approach is to migrate to using a PendingIntent, which ensures that your launch is performed using the identity of the original creator, completely avoiding the security issues described above.
  • If using a PendingIntent isn't feasible, an alternative approach is to create a brand new Intent and carefully copy only specific values from the original Intent after careful validation.

Note that this may detect false-positives if your app sends itself an Intent which is first routed through the OS, such as using android.content.Intent#createChooser. In these cases, careful inspection is required to determine if the return point into your app is appropriately protected with a signature permission or marked as unexported. If the return point is not protected, your app is likely vulnerable to malicious apps.

Summary

Public constructors

Public methods
Intent?

Return the Intent which caused this violation to be raised.

Inherited functions

Public constructors

UnsafeIntentLaunchViolation

Added in API level 31
UnsafeIntentLaunchViolation(intent: Intent)
Parameters
intent Intent: This value cannot be null.

Public methods

getIntent

Added in API level 31
fun getIntent(): Intent?

Return the Intent which caused this violation to be raised. Note that this value is not available if this violation has been serialized since intents cannot be serialized.

Return
Intent? This value may be null.