Why should we be concerned about Intent security?

Using Android’s IPC mechanisms makes it possible to identify and verify who is trying to connect. The Intent, as an IPC mechanism, is one of the best options for interacting and communicating with other broadcast receivers, activities, or services.
It can also be used to navigate the user to other apps. We should keep in mind that it might carry data to deliver to other components. When it comes to data, security matters, especially when it’s the user’s data! An Intent can also become a weak point that allows injecting fake data, stealing the user’s data or even causing more significant trouble with functionality. Let’s have a look at the Intent and see how we can make it secure with some tips.

The Intent at a Glance

According to the Android documentation, an Intent is a message object used to request an action from another app’s component. A message object can indeed carry sensitive data. The data can be of any type, such as a String, an Integer or even a file, as when you share or send a file on your smartphone from one application to another. In other words, an Intent can be considered a way to share data or functionality with other components, inside the same application or outside it. The fundamental use cases for an Intent are:

  1. Starting an activity
  2. Starting a service
  3. Delivering a broadcast

The action can have a result, which is delivered back to the sender (not for broadcasts).

How to protect your app?

The best and simplest form of protection is choosing the right type of Intent. There are two types:

  1. Implicit
  2. Explicit

If you don’t need to receive any data or share any functionality with other components, then you should simply hide what you have. If you define any Intent filters, you can be called from outside, because an Intent filter contains a package name and usually a class name by which the component can be called.
Besides, defining an Intent filter means the activity/service/broadcast receiver is exported. android:exported is how we control whether other apps can access a component (the default value is false). Even if a component is not exported, it can still be launched by components of the same app or by privileged system applications. Using an explicit Intent is always more secure, unless you want to send a broadcast.

Blocking by android:permission

There’s another way to block launching from outside. Requiring a specific permission from whoever wants to launch the component can reduce the risk. Every time an application sends an Intent to one of your app’s components, the system checks whether it holds the required permission. If it does not, the Intent is blocked!

How to protect permission by android:protectionLevel?

What if another application defines the same permission you added to your app’s component to protect it?

Android provides a solution for this. You can add android:protectionLevel to the custom permission, and the system will then check whether the application sending the Intent has the same signature as yours. In effect, the parameter helps grant the requested permission only to the appropriate apps. For instance, if you set android:protectionLevel to signature, the system approves the requested permission only for applications signed with the same certificate as your app. But if you leave it unset, the default value is normal, which means the custom permission will be granted to any app that requests it.
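The rules from the last three sections, written as a manifest check (an added example, not code from the original article): it flags components that are exported, either explicitly or through an Intent filter, without android:permission, and components guarded by a custom permission whose protectionLevel is not signature. The manifest and every com.example name in it are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest: every com.example name is made up for this example.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <permission android:name="com.example.app.WEAK"/>
  <permission android:name="com.example.app.STRONG" android:protectionLevel="signature"/>
  <application>
    <activity android:name=".Internal" android:exported="false"/>
    <activity android:name=".Share">
      <intent-filter><action android:name="android.intent.action.SEND"/></intent-filter>
    </activity>
    <service android:name=".Sync" android:exported="true" android:permission="com.example.app.WEAK"/>
    <receiver android:name=".Push" android:exported="true" android:permission="com.example.app.STRONG"/>
  </application>
</manifest>"""

def audit(manifest_xml):
    """Return (component, finding) pairs for components other apps can reach."""
    root = ET.fromstring(manifest_xml)
    # Custom permissions declared here; an unset protectionLevel means "normal".
    levels = {p.get(ANDROID + "name"): p.get(ANDROID + "protectionLevel", "normal")
              for p in root.findall("permission")}
    findings = []
    for comp in root.find("application"):
        if comp.tag not in ("activity", "service", "receiver"):
            continue
        name = comp.get(ANDROID + "name")
        exported = comp.get(ANDROID + "exported")
        # With no explicit attribute, an Intent filter makes the component exported.
        if exported is None:
            exported = "true" if comp.find("intent-filter") is not None else "false"
        if exported != "true":
            continue
        perm = comp.get(ANDROID + "permission")
        if perm is None:
            findings.append((name, "exported without android:permission"))
        # Permissions not declared in this manifest (e.g. platform ones) are not judged.
        elif perm in levels and not levels[perm].startswith("signature"):
            findings.append((name, "permission %s has protectionLevel %s" % (perm, levels[perm])))
    return findings

if __name__ == "__main__":
    for name, finding in audit(MANIFEST):
        print(name, "->", finding)
```

A finding is a prompt for review rather than a defect in itself: a launcher activity, for example, has to be exported without a permission.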

Add permission to broadcast Intent

There is a similar mechanism for a broadcast Intent, which delivers it only to applications that hold a specific permission. The system enforces the required permission on all potential receivers, which ensures that the message is delivered to the right apps.

public abstract void sendBroadcast (Intent intent, String receiverPermission)

Taking care of security is not a one-time activity. We need to study, learn and research continuously to use all available options.
