LaunchAnyWhere: Activity component Permission Bypass Vulnerability

Source: Internet
Author: User
Tags bug id

LaunchAnyWhere: Activity component Permission Bypass Vulnerability
Release date:


Vulnerability No:

Google Bug ID 7699048


Security level:



Impact scope:

Android 2.1-Android 4.3


Vulnerability description:

Recently, security researcher retme [1] announced a vulnerability in the Android Account Management Service. malicious applications can exploit this vulnerability to break through the access isolation restrictions of inter-process components, any undisclosed Activity component that calls other applications may pollute the data of the component, damage local data of the application, inject specific data, or even inject malicious data into the remote server. It can also work with other vulnerabilities, such as WebView addJavascriptInterface, to threaten Webview controls that are relatively secure because they are not disclosed.


This vulnerability is caused by the fact that the Account Management Service of Android does not verify the Intent forwarded by the installed account service application. Hackers can write malicious applications that contain their own account services and disguise them as normal applications to cheat users in downloading and installing them. When a user starts a malicious application, a request is triggered to add an account of the malicious application type to the Android account management service. Then, the Android system calls the Account Service of the malicious application, and accept an Intent returned by the malicious application and then call the Activity to which the Intent points. Under normal circumstances, the Intent should be directed to the logon interface of the account service. However, because the Android Account Management Service is privileged and does not verify the identities of the initiators and targets of the Intent, therefore, hackers can return any Intent to the Android account management service in their own account service code, regardless of whether the Activity represented by the Intent is made public.



All details of the vulnerability have been disclosed, and the POC [2] Code has also been released. Google released the Patch [3] In September 29, 2013 to verify whether the signatures of the account service application that returns Intent are consistent with those of the application that directs Intent to Activity, code path/frameworks/base/services/java/com/android/server/accounts/AccountManagerService. java




Test method: (does my mobile phone have this problem ?)

If your mobile phone version is earlier than (inclusive) 4.3, this may cause this threat. Please check settings-> account-> Add account interface for suspicious applications, you can also use the POC to test the vulnerability.


Solution: (Please protect me)

Google has already released the bugfix. mobile phone manufacturers should release the patch as soon as possible based on their actual situation. Prior to this, users should use a trusted App Store and carefully download and install the app. Uninstall the application in time if any suspicious application is found.







Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.