Android applications can receive broadcasts from the system or other applications. Receiving intents is security-sensitive. For example, it has led
in the past to the following vulnerabilities:
Receivers can be declared in the manifest or registered in code to make them context-specific. If the receiver is declared in the manifest, Android
will start the application, if it is not already running, as soon as a matching broadcast is received: the receiver is an entry point into the
application. Other applications can send potentially malicious broadcasts, so broadcasts must be treated as untrusted input, and the set of
applications that can send broadcasts to the receiver should be limited.
Permissions can be specified to restrict broadcasts to authorized applications. Restrictions can be enforced by both the sender and receiver of a
broadcast. If permissions are specified when registering a broadcast receiver, then only broadcasters who were granted this permission can send a
message to the receiver.
This rule raises an issue when a receiver is registered without specifying any broadcast permission.
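The same permission check can be applied to a receiver registered in code, with the sender side enforcing the matching permission as described above. The following is an added example and not part of the original rule description; the package, action, extra and permission names are assumptions, and the permission is assumed to be declared in the manifest with a signature protection level.

```java
// Added example (not from the original rule description): a receiver registered
// at runtime with a broadcast permission and not exported, next to its sensitive
// counterpart, plus the sender side that requires the same permission.
// Package, class, action and permission names are assumptions for illustration.
package com.example.broadcasts; // assumed package

import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import androidx.core.content.ContextCompat;

public class GuardedReceiverRegistration {

    // Hypothetical permission, assumed to be declared in the manifest with
    // android:protectionLevel="signature" so only apps signed with the same key hold it.
    static final String PERMISSION = "com.example.broadcasts.permission.SYNC_EVENTS";
    static final String ACTION_SYNC_DONE = "com.example.broadcasts.SYNC_DONE";

    // Receiver side: the payload is still untrusted even when a permission is enforced,
    // so the action is checked and the extra is validated before it is used.
    static final BroadcastReceiver syncReceiver = new BroadcastReceiver() {
        @Override
        public void onReceive(Context context, Intent intent) {
            if (intent == null || !ACTION_SYNC_DONE.equals(intent.getAction())) {
                return; // ignore anything that does not match the expected action
            }
            int count = intent.getIntExtra("count", -1);
            if (count < 0 || count > 10_000) {
                return; // reject out-of-range values instead of acting on them
            }
            // ... act on the validated value ...
        }
    };

    // Compliant: only senders holding PERMISSION can deliver to this receiver, and
    // RECEIVER_NOT_EXPORTED keeps other applications from reaching it at all.
    public static void register(Context context) {
        IntentFilter filter = new IntentFilter(ACTION_SYNC_DONE);
        ContextCompat.registerReceiver(
                context,
                syncReceiver,
                filter,
                PERMISSION,   // broadcastPermission: required from the sender
                null,         // scheduler: deliver on the main thread
                ContextCompat.RECEIVER_NOT_EXPORTED);
    }

    // Sensitive counterpart of the manifest example: exported and without any
    // broadcast permission, so any application can send a matching broadcast.
    public static void registerWithoutPermission(Context context) {
        ContextCompat.registerReceiver(
                context,
                syncReceiver,
                new IntentFilter(ACTION_SYNC_DONE),
                ContextCompat.RECEIVER_EXPORTED);
    }

    // Sender side: only receivers holding PERMISSION get the broadcast, so another
    // application cannot register a receiver and read the payload.
    public static void sendSyncDone(Context context, int count) {
        Intent intent = new Intent(ACTION_SYNC_DONE);
        intent.setPackage(context.getPackageName()); // explicit target: this app only
        intent.putExtra("count", count);
        context.sendBroadcast(intent, PERMISSION);
    }

    public static void unregister(Context context) {
        context.unregisterReceiver(syncReceiver);
    }
}
```

`register` is the runtime equivalent of the compliant manifest entries: the permission argument plays the role of `android:permission`, and `RECEIVER_NOT_EXPORTED` plays the role of `android:exported="false"`. Both sides restricting by permission is what the text above calls enforcement by sender and receiver; either one alone leaves a gap.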
Ask Yourself Whether
- The data extracted from intents is not sanitized.
- Broadcasting to the receiver is not restricted to authorized applications.
There is a risk if you answered yes to any of those questions.
Recommended Secure Coding Practices
Restrict access to broadcast intents. See the Android documentation for more information.
Sensitive Code Example
<receiver android:name=".MyBroadcastReceiver" android:exported="true"> <!-- Sensitive -->
    <intent-filter>
        <action android:name="android.intent.action.AIRPLANE_MODE"/>
    </intent-filter>
</receiver>
Compliant Solution
Enforce permissions:
<receiver android:name=".MyBroadcastReceiver"
          android:permission="android.permission.SEND_SMS"
          android:exported="true">
    <intent-filter>
        <action android:name="android.intent.action.AIRPLANE_MODE"/>
    </intent-filter>
</receiver>
Do not export the receiver and only receive system intents:
<receiver android:name=".MyBroadcastReceiver" android:exported="false">
    <intent-filter>
        <action android:name="android.intent.action.AIRPLANE_MODE"/>
    </intent-filter>
</receiver>
See