1. Introduction to Broadcast Receiver
In Android, Broadcast is a widely used mechanism for transmitting information between applications. BroadcastReceiver is a type of component that filters and accepts and responds to Broadcast.
When using broadcast explorer, it can be statically registered in AndroidManifest. xml, or dynamically generated in the activity initialization function.
Static registration:
// MyBroadcastReceiver inherits BroadcastReceiver and overwrites the onReceiver method.
<Cycler android: name = "com. xiaod. mybroadcast. MyBroadcastReceiver">
<Intent-filter>
// Use the filter to receive the specified action Broadcast
<Action android: name = "com. xiaod. mybroadcast" "> </action>
</Intent-filter>
</Cycler>
Dynamic Registration:
IntentFilter intentFilter = new IntentFilter ();
IntentFilter. addAction ("com. xiaod. mybroadcast"); // specify an action for BroadcastReceiver to receive broadcasts of the same action.
RegisterReceiver (BroadcastReceiver, intentFilter );
Generally, it is registered in onStart/onResume of the activity, and unregisterReceiver is canceled in onStop.
Send broadcast:
Specify the broadcast target Action: Intent intent = new Intent (actionString );
Messages can also be carried by Intent: intent. putExtra ("msg", "hi, I send a message ");
Send broadcast message: Context. sendBroadcast (intent );
Ii. Instances
Two applications: Mybroadcast and MySendBro
MyBroadcast is used for broadcasting and receiving, and the response action is specified as "com. xiaod. mybroadcast". The processing class is com. xiaod. mybroadcast. MyBroadcastReceiver.
The androidmanifest. xml file is as follows:
<? Xml version = "1.0" encoding = "UTF-8"?>
<Manifest xmlns: android = "http://schemas.android.com/apk/res/android"
Package = "xiaod. mybroadcast"
Android: versionCode = "1"
Android: versionName = "1.0" type = "codeph" text = "/codeph">
<Uses-sdk android: minSdkVersion = "8"/>
<Application android: icon = "@ drawable/icon" android: label = "@ string/app_name">
<Activity android: name = "com. xiaod. mybroadcast. MyBroadcastActivity"
Android: label = "@ string/app_name">
<Intent-filter>
<Action android: name = "android. intent. action. MAIN"/>
<Category android: name = "android. intent. category. LAUNCHER"/>
</Intent-filter>
</Activity>
<Cycler android: name = "com. xiaod. mybroadcast. MyBroadcastReceiver" android: exported = "true">
<Intent-filter>
<Action android: name = "com. xiaod. mybroadcast"> </action>
</Intent-filter>
</Cycler>
</Application>
</Manifest>
MyBroadcastReceiver. java
Package com. xiaod. mybroadcast;
Import android. content. BroadcastReceiver;
Import android. content. Context;
Import android. content. Intent;
Import android. util. Log;
Import android. widget. TextView;
Import android. widget. Toast;
Public class MyBroadcastReceiver extends BroadcastReceiver {
@ Override
Public void onReceive (Context context, Intent intent ){
// TODO Auto-generated method stub
String action = intent. getAction ();
Toast. makeText (context,
"InentAction is: \ n" + action + "\ nmsg is: \ n" +
Intent. getStringExtra ("msg") + "\ nid is: \ n" +
Android. OS. Process. myPid (), Toast. LENGTH_SHORT). show ();
}
}
MySendBro for broadcast sending
MySendBroActivity. java is as follows:
Package com. xiaod. mysendbro;
Import android. app. Activity;
Import android. content. Intent;
Import android. OS. Bundle;
Import android. view. View;
Import android. view. View. OnClickListener;
Import android. widget. Button;
Import android. widget. TextView;
Public class MySendBroActivity extends Activity {
/** Called when the activity is first created .*/
Private Button btn;
Private TextView TV;
@ Override
Public void onCreate (Bundle savedInstanceState ){
Super. onCreate (savedInstanceState );
SetContentView (R. layout. main );
Btn = (Button) findViewById (R. id. button1 );
TV = (TextView) findViewById (R. id. TV );
TV. setText ("id is:" + android. OS. Process. myPid ());
Btn. setOnClickListener (new OnClickListener (){
@ Override
Public void onClick (View v ){
// TODO Auto-generated method stub
Intent intent = new Intent ();
Intent. setAction ("com. xiaod. mybroadcast ");
Intent. putExtra ("msg", "Message ");
SendBroadcast (intent );
}});
}
}
Then, start MyBroadcast and set the pid to 598.
Start MySendBro and set the pid to 498. click the button to send a broadcast to MyBroadcast.
Mybroadcast responds and displays information
Iii. vulnerabilities and repair methods
According to the above process of broadcasting and sending between applications, if we analyze the code of an application (apktool decompilation) in androidmanifest. in xml or dynamically generated in the activity, find the broadcast referers used by the application and the corresponding action for processing. By constructing a malicious application that identifies this action and sends a broadcast message to a normal application, the application will process it. If an app, such as an app that sends text messages over the internet, registers itself with a hacker to detect the possibility of sending phishing messages to the user through malicious apps.
Solution:
In the consumer, the android: exported is used to enable and disable the consumer's response to external applications,
If external calls are not allowed, specify exported = "false" in the consumer"
<Cycler android: name = "com. xiaod. mybroadcast. MyBroadcastReceiver"
Android: exported = "false">
......
</Cycler>
If an external call is required, specify exported = "true" and add android: permission to specify the permission. add the <permission> Custom permission item in xml, and obtain androidmanifest in sendbroadcast. add <uses-permission> in xml to match this permission.
The configurator configuration is as follows:
<? Xml version = "1.0" encoding = "UTF-8"?>
<Manifest xmlns: android = "http://schemas.android.com/apk/res/android"
......
<Permission android: name = "com. xiaod. mybroadcast. permission. Cycler"/>
<Application android: icon = "@ drawable/icon" android: label = "@ string/app_name">
<Activity android: name = ". MyBroadcastActivity"
Android: label = "@ string/app_name">
......
</Activity>
<Cycler android: name = "com. xiaod. mybroadcast. MyBroadcastReceiver" android: exported = "true"
Android: permission = "com. xiaod. mybroadcast. permission. Cycler">
<Intent-filter>
<Action android: name = "com. xiaod. mybroadcast. action. Er"> </action>
</Intent-filter>
</Cycler>
</Application>
</Manifest>
Configure sendbroadcast as follows:
<? Xml version = "1.0" encoding = "UTF-8"?>
<Manifest xmlns: android = "http://schemas.android.com/apk/res/android"
......
<Uses-permission android: name = "com. xiaod. mybroadcast. permission. Cycler"/>
<Application android: icon = "@ drawable/icon" android: label = "@ string/app_name">
<Activity android: name = ". MySendBroActivity"
Android: label = "@ string/app_name">
......
</Activity>
</Application>
</Manifest>
4. About sticky broadcast
Sticky broadcast is a special broadcast with the following features:
1. After delivery, it will not be deleted by the system and will be permanently retained
2. All schedulers can receive the message and cannot set independent permissions.
3. Other applications with the BROADCAST_STICKY permission can delete any sticky broadcast.
Considering the above features, we try to avoid using sticky broadcast.
From http://www.sectop.com /? P = 128