Manifest parsing error in AbstractBinaryAndroidComponent

[firmianay]

There is a problem with the parsing of Manifest file. The judgment made here is a bit simple and does not consider that the parameters may come from externally defined strings. In this example, the number 2131034116 corresponding to "switch_global_debug" is used to compare. The result is true, but it is actually incorrect.

// Manifest
android:exported="@bool/switch_global_debug"

// res/values/bools.xml
<resources>
    <bool name="switch_global_debug">false</bool>
</resources>

// R
  public static final class bool {
      public static final int switch_global_debug = 2131034116;
  }

    protected AbstractBinaryAndroidComponent(AXmlNode node, BaseProcessManifest<?, ?, ?, ?> manifest) {
        this.node = node;
        this.manifest = manifest;

        AXmlAttribute<?> attrEnabled = node.getAttribute("enabled");
        enabled = attrEnabled == null || !attrEnabled.getValue().equals(Boolean.FALSE);

        loadIntentFilters();

        AXmlAttribute<?> attrExported = node.getAttribute("exported");
        if (attrExported == null)
            exported = getExportedDefault();
        else
            exported = !attrExported.getValue().equals(Boolean.FALSE);
    }

[StevenArzt]

You're right, that needs to be fixed. Do you have an app with which to reproduce the issue?

INTERNAL for FlowDroid team: We already have a parser for the Android resources file (ARSCFileParser). When analyzing the component, we just need to detect that we have a reference and then look up the ID in the ARSC parser. That should be fairly simple.

[firmianay]

Thanks for reply, you can download the test apk from here: https://count.liqucn.com/d.php?id=70985495906&urlos=android&from_type=web

[StevenArzt]

Fixed in fea8906