Rule Definition
The attacks and consequences of improperly exporting a component may depend on the exported component:
If access to an exported Receiver is not restricted, any application may attack vulnerable Broadcast Receiver and exploit the functionality of the vulnerable app in multiple ways:
- Using am tool available in adb.
- Using a malicious app to query.
- Using Mercury Framwork.
Remediation
Do not forget permission when securing receivers
Violation Code Sample
<receiver
android:name="com.x8bit.bitwarden.PackageConfirmReceiver"
android:enabled="true"
android:exported="true" >
<intent-filter>
<action android:name="android.action.intent.MY_PACKAGE_CONFIM"/>
<category android:name="category" />
</intent-filter>
</receiver
Fixed Code Sample
1- Define permission in the top of the manifest file as following one
<permission android: name="com.x8bit.bitwarden.PackageConfirmReceiverPermission" android:protectionLevel="signature" />
2- Add the permission into receiver Permission
<receiver
android:name="com.x8bit.bitwarden.PackageConfirmReceiver"
android:enabled="true" android:exported="true"
android:permission="com.x8bit.bitwarden.PackageConfirmReceiverPermission">
<intent-filter>
<action android:name="android.action.intent.MY_PACKAGE_CONFIM"/>
<category android:name="category" />
</intent-filter>
</receiver>
Reference
ttps://developer.android.com/topic/security/best-practices
https://developer.android.com/guide/topics/manifest/receiver-element.html#prmsn
https://cwe.mitre.org/data/definitions/926.html
Related Technologies
Technical Criterion
Secure Coding - Input Validation
About CAST Appmarq
CAST Appmarq is by far the biggest repository of data about real IT systems. It's built on thousands of analyzed applications, made of 35 different technologies, by over 300 business organizations across major verticals. It provides IT Leaders with factual key analytics to let them know if their applications are on track.