Activity component security (I)

Source: Internet
Author: User


For Activity component security, Android developers should pay attention to the following points during daily development:
- Activity access control
- Activity hijacking

This article will share with you the security issues of Activity access control.

Basic development knowledge

Activity categories

The type of an Activity and the way it is used determine its risks and the defenses it needs. Activities are therefore classified as follows: Private, Public, Partner, In-house

Intent Introduction

Android provides the Intent mechanism to support interaction and communication between applications. An Intent describes an action, the data the action involves, and additional data. Android finds the corresponding component based on the Intent's description, passes the Intent to that component, and invokes it. Intents can be used not only between applications but also between Activities and Services within one application. The Intent therefore acts as an intermediary that carries the information components need to call each other, decoupling the caller from the callee. The SDK describes the uses of Intent as follows:

  • Use Context.startActivity() or Activity.startActivityForResult() to start an Activity;
  • Start a service through Context.startService(), or use Context.bindService() to interact with a background service;
  • Send broadcasts to broadcast receivers through the broadcast methods (such as Context.sendBroadcast(), Context.sendOrderedBroadcast(), Context.sendStickyBroadcast()).

Intents are divided into two types: explicit and implicit.

(1) explicit Intent

The receiver is specified when the Intent object is constructed. Explicit Intents are generally used within the same application, where the target component name is known, as follows:

Intent intent = new Intent(MainActivity.this, NewActivity.class);
startActivity(intent);

In the Intent above, the receiver, NewActivity, is specified directly.

(2) Implicit Intent

When constructing the Intent object, the sender does not know or care who the receiver is. This helps reduce the coupling between the sender and the receiver. Implicit Intents do not name the target component and are generally used between different applications, as follows:

Intent intent = new Intent();
intent.setAction("com.wooyun.test");
startActivity(intent);

The Intent above does not specify the receiver; it only provides an action as the filter condition for the receiver.

Android does not need to resolve an explicit Intent because the target component is already known. For an implicit Intent, Android has to resolve it, mapping the Intent to the Activity, IntentReceiver, or Service that can handle it.

The android:exported attribute

On an Activity, this attribute indicates whether the Activity can be started by an external program: true means it can be started; false means it cannot. An external program here is one with a different signature and a different user ID. Programs with the same signature and user ID share the same process space at run time, and there are no component access restrictions between them.

If this attribute is set to false, the Activity can be called only by the current application or by components of applications with the same user ID.

The default value of exported depends on whether the Activity declares an intent filter. With no filter, the Activity can be started only by specifying its exact class name. This means the Activity can be used only inside the application, because other applications do not know that the class exists. In this case, the default value is false. If the Activity contains at least one filter, it can be invoked by other applications from outside. In this case, the default value is true.

The android:protectionLevel attribute

For operations that cost money and operations that may involve user privacy, such as network access (pay-as-you-go) and reading contacts (involving privacy), Android provides the android:protectionLevel attribute to restrict access. If an application wants to perform such access, it must request the corresponding permissions. Android classifies these permissions into four levels, and each level corresponds to a different authorization method.

Normal: the default value. Low-risk permissions, which can be used as long as they are requested. The user does not need to confirm them at install time.

Dangerous: permissions such as WRITE_SETTINGS and SEND_SMS are risky because they can be used to reconfigure the device or result in calls. Use this protectionLevel to mark permissions that users may be concerned about. Android warns users about these permission requests when the program is installed. The specific behavior may vary depending on the Android version or the mobile device.

Signature: these permissions are granted only to programs signed with the same key as the application.

SignatureOrSystem: similar to signature, except that programs in the system image are also granted access. This allows the applications of a custom Android system to obtain the permission. This protection level helps with the build process of an integrated system.

Examples of known Activity component security issues from WooYun vulnerability reports

1. Fast play browser Android client local denial of service

2. Snowball Android client local denial of service vulnerability

3. Tencent Messenger (QQ) DoS vulnerability (critical)

4. Tencent WeiBo multiple DoS vulnerabilities (critical)

5. Android native Settings application forced crash (which can cause DoS attacks) (involving fragment)

6. Implicitly started Intents that include sensitive data. Attack models include:

How developers can prevent these issues

Private Activity

Private Activities should not be started by other applications and are relatively secure.

Intent usage
  • Handle the received Intent and the information it carries with caution.
  • When the Activity returns data, check whether returning it to the target Activity risks leaking information.
  • When the target Activity is known exactly, use an explicit Intent to start it.
  • Exercise caution when processing the data returned by an Activity. The data returned by the target Activity may be forged by a malicious application.
  • Verify that the target Activity does not belong to a malicious app, to avoid Intent spoofing; hash signature verification can be used for this.
  • As far as possible, do not send sensitive information, because Intent information sent to a public Activity may be stolen by malicious applications.

Set the android:exported attribute

The android:exported="false" attribute should be added to components that do not need to be called by external programs. This attribute marks the component as private: only components of the same application, or of applications with the same user ID, can start or bind to it.

<activity
    android:name=".HomeActivity"
    android:label="@string/app_name"
    android:screenOrientation="portrait"
    android:exported="false" />

Set access permissions for specific components

You can set an access permission on an Activity so that only specific external programs can access it. There are three methods:

(1) Add the android:permission attribute to the component.

<activity
    android:name=".AnotherActivity"
    android:label="@string/app_name"
    android:permission="com.wooyun.custempermission"></activity>

(2) protectionLevel permission declaration

The exported attribute only controls whether the Activity is exposed to other apps. A permission declaration in the manifest can also restrict external starts of the Activity.

<permission
    android:description="wooyun"
    android:label="wooyun"
    android:name="com.wooyun.custempermission"
    android:protectionLevel="normal">
</permission>

protectionLevel has four levels: normal, dangerous, signature, and signatureOrSystem. With signature and signatureOrSystem, the component can be called only by applications signed with the same signature.

(3) uses-permission statement

<uses-permission android:name="com.wooyun.custempermission" />

Summary: when the declared Activity is called, Android checks whether the caller holds the com.wooyun.custempermission permission. If not, a SecurityException is thrown.

Checking permissions in code for exposed components

Android provides various APIs to check, enforce, grant, and revoke permissions at run time. These APIs are part of the android.content.Context class, which provides global information about the application environment.

if (context.checkCallingOrSelfPermission("com.wooyun.custempermission")
        != PackageManager.PERMISSION_GRANTED) {
    // The application requires permission to access the Internet
} else {
    // OK to access the Internet
}

Copyright statement: This article is the blogger's original work and may not be reproduced without the blogger's permission; from http://blog.csdn.net/mynameishuangshuai
