rspec/rules/S5320/description.adoc


2020-06-30 12:50:28 +02:00
In Android applications, broadcasting intents is security-sensitive. For example, it has led in the past to the following vulnerability:

* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9489[CVE-2018-9489]

By default, broadcast intents are visible to every application, exposing all sensitive information they contain.

This rule raises an issue when an intent is broadcast without specifying any "receiver permission".
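
The following Java snippet is an added illustration, not part of the original rule description: it places a broadcast sent without a receiver permission beside the same broadcast restricted with one. The package, class, action, extra and permission names are hypothetical; the permission is assumed to be declared in the application's `AndroidManifest.xml`.

```java
package com.example.app; // hypothetical package

import android.content.Context;
import android.content.Intent;

public final class SessionBroadcaster {

    // Constructed names for this example only.
    static final String ACTION_SESSION_REFRESHED =
            "com.example.app.action.SESSION_REFRESHED";
    // Assumed to be declared with a <permission> element in AndroidManifest.xml.
    // A "signature" protectionLevel limits holders to apps signed with the same key.
    static final String PERMISSION_RECEIVE_SESSION =
            "com.example.app.permission.RECEIVE_SESSION";

    private SessionBroadcaster() {}

    private static Intent buildIntent(String accountName) {
        Intent intent = new Intent(ACTION_SESSION_REFRESHED);
        intent.putExtra("account", accountName); // sensitive extra
        return intent;
    }

    // Sensitive: no receiver permission, so every application that registers
    // a receiver for this action can read the extras.
    static void notifyWithoutPermission(Context context, String accountName) {
        context.sendBroadcast(buildIntent(accountName));
    }

    // Restricted: only receivers whose application holds
    // PERMISSION_RECEIVE_SESSION are delivered the intent.
    static void notifyWithPermission(Context context, String accountName) {
        context.sendBroadcast(buildIntent(accountName), PERMISSION_RECEIVE_SESSION);
    }

    // Ordered broadcasts take the receiver permission as the second argument too.
    // Passing null there means no permission is required, so it gives no protection.
    static void notifyOrderedWithPermission(Context context, String accountName) {
        context.sendOrderedBroadcast(buildIntent(accountName), PERMISSION_RECEIVE_SESSION);
    }
}
```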