include::../description.adoc[] == Noncompliant Code Example A component activity is exported (in this case using an intent-filter) allowing it to be launched by other mobile applications: [source,java] ----

---- Then this activity retrieves the embedded untrusted intent used to start an arbitrary component: [source,java] ---- public class Noncompliant extends AppCompatActivity { @Override protected void onCreate(Bundle savedInstanceState) { // The intent used to start this exported component is retrieved Intent intent = getIntent(); // extract the embedded Intent Intent forward = (Intent) intent.getParcelableExtra("anotherintent"); // redirect the embedded Intent startActivity(forward); // Noncompliant } } ---- == Compliant Solution If it's not needed to make visible this component to other apps, do not export it: [source,java] ----

---- It's also possible to validate the intent to be sure it's the expected one: [source,java] ---- public class Noncompliant extends AppCompatActivity { @Override protected void onCreate(Bundle savedInstanceState) { // The intent used to start this exported component is retrieved Intent intent = getIntent(); // extract the embedded Intent Intent forward = (Intent) intent.getParcelableExtra("anotherintent"); ComponentName name = forward.resolveActivity(getPackageManager()); if (name.getPackageName().equals("package") && name.getClassName().equals("nonsensitiveclass")) { // redirect the embedded Intent startActivity(forward); } } } ---- include::../see.adoc[] ifdef::env-github,rspecator-view[] ''' == Implementation Specification (visible only on this page) include::../message.adoc[] ''' endif::env-github,rspecator-view[]