I have an application that has only 1 activity "MainActivity" and it must be divided in fragments, because there are 3 windows, one of them is the user details, and this activity (the main activity) has exported=true.
I want to know if this entails a security flaw in an Android APK:
I log in the application
I start the activity with drozer: run app.activity.start --component com.member com.member.MainActivity
I can see the user details, but not in the first display, I need to press another tab, which must be another fragment inside the MainActivity.
Is it the normal behavior?
It is true that exported activities can be used by apps with a different uid, but the user must be logged in, which problem does it entail?
Regards!
Is it the normal behavior?
If by "the normal behavior" you mean that exported activities can be started by third-party apps, then yes.
It is true that exported activities can be used by apps with a different uid
If by "used" you mean "started", then yes.
For example, this activity of yours probably has this <intent-filter>:
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
This says "hey, anything that is a launcher, please include me in your roster of launchable activities!". The launcher is how most Android device owners start apps. If your activity is not exported, then the launcher would not be able to start your activity, and as a result the user will not be able to use your app.
Note that having an <intent-filter> on an <activity> automatically sets android:exported to true — you do not need to declare this manually.
Related
In my Android app there is a security vulnerability that my app can be opened by a malicious application. I am using the following intent filter in the Launcher Activity.
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
This intent filter makes the Main Activity exposed to other apps. Is there any way to expose the Main Activity only to the Android OS and not to other applications. As far as I understand We can't use "exported=false".
Is there any way to expose the Main Activity only to the Android OS and not to other applications.
Not as you are defining the terms.
Every activity, exported or not, is "exposed" to "the Android OS". Otherwise, they would be unusable, even by the app itself. The difference between an exported activity and one that is not is whether a third-party app can start the activity.
The home screen itself is just an app. A device ships with at least one home screen pre-installed, and users can install others from the Play Store or elsewhere. Hence, from the standpoint of your app, the home screen is a third-party activity.
In my Android app there is a security vulnerability that my app can be opened by a malicious application
Having an exported activity is not a "security vulnerability" in its own right. Your argument is akin to saying "there is a security vulnerability in my Web site — how do I allow my home page to only be opened from a Google search result, but not by a bookmark or any other Web site?".
Having unnecessarily exported activities is bad from a security standpoint, but the launcher activity is exported by necessity.
This image was quite helpful for understanding the
functionality offered by the launhmode singleTask, taken from here
however, I understood this in case of the same application, I am having issues understanding
what if both tasks belong to two different Applications
Confusing Scenario(fictional),
I was going through an app and the app offered an action to send
emails, I selected 'send email' option.
My phone's default 'email app' will be picked and its activity (which is
declared as singletask) will be opened.
While I was typing my email content, I switched to some chat app and
the app gets crashed and offered me an option to report an issue
over email to the developer, Now when I will select 'Report' , my email
app(which is the same default email app ) will be opened.
Now as the Email app's root activity is singletask, will my content
which I wrote will be visible to me?
The main thing is this time, the tasks/stacks belong to two different apps.
Even though you are using 2 different applications, it will work in the expected way:
if your singleTask activity already exists, that copy will be used, with the method onNewIntent() being called
if it does not exist, it will be launched as per normal
More technically, reproducing the definition from your link:
The system creates a new task and instantiates the activity at the
root of the new task. However, if an instance of the activity already
exists in a separate task, the system routes the intent to the
existing instance through a call to its onNewIntent() method, rather
than creating a new instance. Only one instance of the activity can
exist at a time.
This can easily be verified by making an activity a target for sharing text and singleTask in the manifest:
<activity
android:name=".MainActivity"
android:launchMode="singleTask">
<intent-filter>
<action android:name="android.intent.action.SEND" />
<category android:name="android.intent.category.DEFAULT" />
<data android:mimeType="text/plain" />
</intent-filter>
<intent-filter>
<action android:name="android.intent.action.SEND_MULTIPLE" />
<category android:name="android.intent.category.DEFAULT" />
<data android:mimeType="image/*" />
</intent-filter>
</activity>
Now add some logging to the onCreate() and onNewIntent() methods and do some scenario testing.
Something I found particularly useful when testing the various launchmodes is the following ADB command:
adb dumpsys activity activities
This outputs a lot of text (it may help to reboot the phone before doing this - adb reboot) showing details of the activity task stacks. This can be used to show you that your singleTask activity "rehomes" itself as it gets launched via different applications.
As for the question about the emails, I think that will depend on which email client you are using, but I would hope that they handle the onNewIntent() method correctly, and save the current draft before displaying your new email.
I need to launch "my hypothetical application" in order to show certain events which have been tracked on the application which has installed my "hypothetical library". But I can’t figure out how to achieve it, and the only library which perform this kind of behaviour -as far as I know, is LeakCanary.
Any thoughts will be appreciate.
I don't think LeakCanary installs separate apk which will work as exported service and allow applications to be bound to. I went through the flow how it works, when you call LeakCanary.install(context) it starts HeapAnalyzerService which is a Service which depends on application lifecycle callbacks.
What you see as separate application is the DisplayLeakActivity which has it's intent declared as:
<intent-filter>
<action android:name="android.intent.action.MAIN"/>
<category android:name="android.intent.category.LAUNCHER"/>
</intent-filter>
Any activity with MAIN action and category LAUNCHER will be placed in the launcher.
Let me describe you what I want: I want to build a "master app" and set it so that when the phone is powered up, it immediately goes into the master app. The user can never exit this app (this will be used for something like parental control), and he can only launch other apps from within it.
Basically it will be like a "custom desktop".
I must stress out, it is important that this app never exits. As long as the phone is started, this is the only environment that the user has access to.
Now after I explained what I need, I will need your help to tell me what am I looking for. Is this some kind of "default launcher" that I keep hearing about? Or how is this called?
How can I do it?
Thanks
Add this into Manifest.
<receiver
android:name=".Bootupclass"
android:enabled="true"
android:permission="android.permission.RECEIVE_BOOT_COMPLETED" >
</receiver>
Bootupclass
public class Bootupclass extends BroadcastReceiver{
#Override
public void onReceive(Context context, Intent intent) {
//write intent here
}
}
I need someone to give me the exact code needed to make the app:
Here Goes,
If you make an app as a launcher app, and if it is the ONLY launcher app within your system, it will of course be started when you switch on your device. And also when you click on the home button, since your app is the only launcher app within the system, the same would be started.
so ,
1) start on bootup 2) be the default action when pressing the home button (the "desktop")
could both be merged into 1.
You mentioned that your phone is rooted, So easiest way to achieve what you require would be to
1.Install your app with just these lines within the manifest. i.e within your first activity. Nothing else is required. (this would make your app as a launcher app)
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.HOME"/>
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
2.Un-install the default launcher application within your device.
What is being asked in the question body is different from the question title.
Listening to BOOT_COMPLETED will do literally what is requested by title - give control to the application once when device is powered on or restarted.
It is not enough to achieve the real goal - to prevent user from exiting the application and reaching "normal" home screen - once user presses "exit" or "home", he will essentially leave your app. While you can intercept "Exit" button and prevent it from quitting your app, "home" button is not possible to block programmatically.
In order to make and app like parental control and prevent user from reaching unwanted apps you need to implement "custom home screen" or "custom launcher" (which is the same thing).
It is rather large topic, but this seems to be a good starting point: Android - creating custom launcher.
And because author insists on "exact code", to make your app to start instead of a home screen (after boot or pressing "home" button), you need the following in the manifest:
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.HOME"/>
<category android:name="android.intent.category.DEFAULT" />
</intent-filter>
After install, press "home" button - you will be given a choice of standard launcher or your app. Check "use as default" and select your app - from now on it will start instead of the normal home screen.
Beware, though, that there are few known issues with custom launchers. One is - you have to block access to settings, otherwise user can switch back to default launcher. Also, after your app is updated (i.e. you post new version) user will be asked what home screen to use and can choose default launcher.
I must stress out, it is important that this app never exits This I believe is not possible.
From your requirement it seems that you require a MDM solution. Upwards of Android 2.2 device administration APIs have been available. Check out http://developer.android.com/guide/topics/admin/device-admin.html
The user will have to install your app and allow it to be a Device Administrator. (You can see currently available administrators from Setting -> Location and Security -> Device Administrator). Now as an administrator you can control features on device eg. disallow apps to be uninstalled, prevent installation of specific apps, disallow launch of specific apps. wipe device if security is breached etc. You can also prevent your app from being uninstalled.
There are apps available with such features. I can name Maas360 off the top of my head.
Disclaimer: I haven't tried the device administration apis myself.
I have two similar applications (one free, one paid).
An activity is defined with exported="false"
<activity
android:name=".MyActivity"
android:exported="false"
android:noHistory="true" >
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<data android:mimeType="vnd.android.cursor.item/vnd.mine" />
</intent-filter>
</activity>
When I call startActivity with the appropriate implicit intent from the free app, the activity picker appears.
I don't understand why the activity from the paid app appears, since it is exported="false"
I suppose I can add an intent filter based on the URL, but my question is: why does the activity from the other app appear when the doc reads
Whether or not the activity can be launched by components of other applications
I don't understand why the activity from the paid app appears, since it is exported="false"
Because you have a matching <intent-filter>. Since you do not need the <intent-filter> for a non-exported activity, simply delete it and use an explicit Intent when starting this activity.
why does the activity from the other app appear when the doc reads...
I had the same question and was told that this was expected behavior and the bug is in our app for having a useless <intent-filter>. Quoting Dianne Hackborn:
I would generally consider this a bug in the app -- if you have an activity that you aren't allowing other apps to launch, why the heck are you publishing an intent filter that they will match to try to launch? The security of the activity (whether it is not exported or requires a permission) is not part of intent matching. ...this scenario (publishing an activity that matches intents other applications will use but then restricting it to not be launchable by other applications) is not useful if not outright broken.