9 lines
435 B
Plaintext
9 lines
435 B
Plaintext
In Android applications, broadcasting intents is security-sensitive. For example, it has led in the past to the following vulnerability:
|
|
|
|
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9489[CVE-2018-9489]
|
|
|
|
By default, broadcasted intents are visible to every application, exposing all sensitive information they contain.
|
|
|
|
|
|
This rule raises an issue when an intent is broadcasted without specifying any "receiver permission".
|