I was doing security analysis on an Android application. I had a doubt regarding the default value of the android:exported parameter. Many of the activities weren't tagged with this parameter. So possibly its value can be true, which leads to major security threats. On my primary investigation I found this from the official website.
The default value depends on whether the activity contains intent filters. The absence of any filters means that the activity can be invoked only by specifying its exact class name. This implies that the activity is intended only for application-internal use (since others would not know the class name). So in this case, the default value is "false". On the other hand, the presence of at least one filter implies that the activity is intended for external use, so the default value is "true".
I didn't completely understand what they actually meant, as I am not good at Java or Android programming. Somebody help me to make it clear.
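The default rule quoted from the documentation, applied to a manifest as an added example (not part of the original post): the script below computes the effective exported value of each activity in a decoded AndroidManifest.xml. The sample manifest and activity names are constructed, and it assumes android:exported is written as a literal "true" or "false" rather than a resource reference.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
EXPORTED = f"{{{ANDROID_NS}}}exported"
NAME = f"{{{ANDROID_NS}}}name"

# Constructed sample manifest (decoded XML form, not the binary form inside an APK).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.app">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".SettingsActivity"/>
    <activity android:name=".ShareActivity" android:exported="false">
      <intent-filter>
        <action android:name="android.intent.action.SEND"/>
      </intent-filter>
    </activity>
    <activity android:name=".DebugActivity" android:exported="true"/>
  </application>
</manifest>"""

def effective_exported(manifest_xml):
    """Return {activity name: (exported, how)} using the documented default rule."""
    root = ET.fromstring(manifest_xml)
    result = {}
    for activity in root.iter("activity"):
        name = activity.get(NAME)
        declared = activity.get(EXPORTED)
        if declared is not None:
            # An explicit attribute always wins over the default.
            result[name] = (declared.strip().lower() == "true", "explicit")
        else:
            # No attribute: the default is true only if an intent filter is present.
            has_filter = activity.find("intent-filter") is not None
            result[name] = (has_filter, "default")
    return result

def exported_activities(manifest_xml):
    """Names of activities other apps can start, i.e. the entry points to review."""
    return sorted(n for n, (exp, _) in effective_exported(manifest_xml).items() if exp)

if __name__ == "__main__":
    for name, (exported, how) in effective_exported(SAMPLE_MANIFEST).items():
        print(f"{name:20} exported={exported!s:5} ({how})")
```

Apps that target Android 12 (API level 31) or higher must set android:exported explicitly on every activity that has an intent filter, so the implicit default only decides the outcome for lower target levels.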