Read PDF

Avoid Intent Sniffing

When an activity is initiated by another application using a broadcast intent, the data passed in the intent can be read by a malicious app.


When another application initiates activity by sending a broadcast intent, malicious apps can read the data included in the intent. The malicious app can also read a list of recent intents for an application. For example, if an app invokes and passes a URL to the Android web browser, an attacker could sniff that URL.


Do not pass sensitive data between apps using broadcast intents. Instead, use explicit intents.


results matching ""

    No results matching ""