Closed cpholguera closed 1 year ago
i will take this.
Let me know in which section does this fit in.
Hi @su-vikas, could you please write a new test case in 0x05h for it, it should cover for MSTG-PLATFORM-4. Right after this one:
Please include an Overview section with the theory and a paragraph of what the test will do and then the sections for Static and Dynamic Analysis as always.
Thank you!
Using Intent as a mechanism to implement a callback to an Activity can lead to vulnerabilities, both in the provider and client apps. This is due to the fact that Intents are always processed in the Context of the app they are called within. This Context opens the possibility to start any non-exported activities in the provider app, and forces the client app to export the activity that should receive the callback.
PendingIntents, by contrast, are always processed inside the Context that created them. This not only allows a provider app to freely use them, without exposing non-exported activities, but also allows the client to specify any activity, including non-exported activities, to receive callbacks.
Source: https://medium.com/androiddevelopers/android-nesting-intents-e472fafc1933
https://medium.com/androiddevelopers/all-about-pendingintents-748c8eb8619