In Android applications, broadcasting intents is security-sensitive. For example, it has led in the past to the following vulnerability:

* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9489[CVE-2018-9489]

By default, broadcasted intents are visible to every application, exposing all sensitive information they contain.


This rule raises an issue when an intent is broadcasted without specifying any "receiver permission".