rspec/rules/S5594/xml/rule.adoc

Once an Android component has been exported, it can be used by attackers to
launch malicious actions and might also give access to other components
that are not exported.

As a result, sensitive user data can be stolen, and components can be launched
unexpectedly.

For this reason, the following components should be protected:

* Providers
* Activities
* Activity-aliases
* Services

To do so, it is recommended to either set `exported` to `false`, add
`android:readPermission` and `android:writePermission` attributes, or add a
`<permission>` tag.

**Warning**: When targeting Android versions lower than 12, the presence of intent filters will cause ``++exported++`` to be set to
``++true++`` by default.

If a component must be exported, use a `<permission>` tag and the
https://developer.android.com/guide/topics/manifest/permission-element#plevel[protection level]
that matches your use case and data confidentiality requirements. +
For example, https://developer.android.com/training/sync-adapters[Sync adapters]
should use a `signature` protection level to remain both exported **and** protected.

== Noncompliant Code Example

The following components are vulnerable because permissions are undefined or
partially defined:

[source,xml]
----
<provider
  android:authorities="com.example.app.Provider"
  android:name="com.example.app.Provider"
  android:exported="true"
  android:readPermission="com.example.app.READ_PERMISSION" />  <!-- Noncompliant: write permission is not defined -->
----

[source,xml]
----
<provider
  android:authorities="com.example.app.Provider"
  android:name="com.example.app.Provider"
  android:exported="true"
  android:writePermission="com.example.app.WRITE_PERMISSION" />  <!-- Noncompliant: read permission is not defined -->
----

[source,xml]
----
<activity android:name="com.example.activity.Activity">  <!-- Noncompliant: permissions are not defined -->
  <intent-filter>
    <action android:name="com.example.OPEN_UI"/>
    <category android:name="android.intent.category.DEFAULT"/>
  </intent-filter>
</activity>
----

== Compliant Solution

If the component's capabilities or data are not intended to be shared with
other apps, its ``++exported++`` attribute should be set to ``++false++``:

[source,xml]
----
<provider
  android:authorities="com.example.app.Provider"
  android:name="com.example.app.Provider"
  android:exported="false" />
----

Otherwise, implement permissions:

[source,xml]
----
<provider
  android:authorities="com.example.app.Provider"
  android:name="com.example.app.Provider"
  android:exported="true"
  android:readPermission="com.example.app.READ_PERMISSION"
  android:writePermission="com.example.app.WRITE_PERMISSION" />

<activity android:name="com.example.activity.Activity"
          android:permission="com.example.app.PERMISSION" >
  <intent-filter>
    <action android:name="com.example.OPEN_UI"/>
    <category android:name="android.intent.category.DEFAULT" />
  </intent-filter>
</activity>
----
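
The script below is an added example, not part of the rule or of any analyzer's implementation: it applies the checks described above to a manifest so they can be run in a build or review step. The names `is_exported` and `find_unprotected` and the sample manifest are constructed for illustration; it assumes a target below Android 12 (an intent filter implies `exported="true"`) and ignores any `android:permission` set on `<application>`.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("provider", "activity", "activity-alias", "service")

# Constructed sample manifest assembled from the snippets on this page.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
 <application>
  <provider android:name="com.example.app.Provider" android:exported="true"
            android:authorities="com.example.app.Provider"
            android:readPermission="com.example.app.READ_PERMISSION"/>
  <provider android:name="com.example.app.PrivateProvider" android:exported="false"
            android:authorities="com.example.app.PrivateProvider"/>
  <activity android:name="com.example.activity.Activity">
   <intent-filter><action android:name="com.example.OPEN_UI"/></intent-filter>
  </activity>
  <service android:name="com.example.app.SyncService" android:exported="true"
           android:permission="com.example.app.PERMISSION"/>
 </application>
</manifest>"""

def is_exported(elem):
    """Explicit android:exported wins; otherwise assume the pre-Android 12
    default from the warning above: an intent filter implies exported=true."""
    explicit = elem.get(NS + "exported")
    if explicit is not None:
        return explicit.strip().lower() == "true"
    return elem.find("intent-filter") is not None

def find_unprotected(manifest_xml):
    """Return (tag, name, reason) for each exported component lacking permissions."""
    findings = []
    root = ET.fromstring(manifest_xml)
    for tag in COMPONENTS:
        for elem in root.iter(tag):
            if not is_exported(elem) or elem.get(NS + "permission"):
                continue  # private, or guarded by a component-wide permission
            name = elem.get(NS + "name", "<unnamed>")
            if tag == "provider":
                missing = [a for a in ("readPermission", "writePermission")
                           if not elem.get(NS + a)]
                if missing:
                    findings.append((tag, name, "missing " + ", ".join(missing)))
            else:
                findings.append((tag, name, "no android:permission"))
    return findings

if __name__ == "__main__":
    print(*find_unprotected(SAMPLE), sep="\n")
```

On the sample, the provider with only a read permission and the activity that is exported implicitly through its intent filter are reported; the private provider and the permission-guarded service are not.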

== See

* https://developer.android.com/guide/topics/providers/content-provider-creating#Permissions[developer.android.com] - Implementing content provider permissions
* https://mobile-security.gitbook.io/masvs/security-requirements/0x11-v6-interaction_with_the_environment[Mobile AppSec Verification Standard] - Platform Interaction Requirements
* https://owasp.org/www-project-mobile-top-10/2016-risks/m1-improper-platform-usage[OWASP Mobile Top 10 2016 Category M1] - Improper platform usage
* https://owasp.org/www-project-mobile-top-10/2016-risks/m2-insecure-data-storage[OWASP Mobile Top 10 2016 Category M2] - Insecure Data Storage
* https://cwe.mitre.org/data/definitions/926[MITRE, CWE-926] - Improper Export of Android Application Components

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::message.adoc[]

endif::env-github,rspecator-view[]