In my Android application, I use an intent to start a new Activity, as shown below:
    private void beginVideoChat()
    {
        Intent intent = new Intent(ProviderDetailsActivity.this, FragmentContainerActivity.class);
        intent.putExtra("CommunicationEnum", Communications.Video);
        intent.putExtra("provderId", provider.getProviderId());
        this.startActivity(intent);
    }
Like beginVideoChat(), I have several other methods in which I explicitly specify the class name when defining the Intent.
When my application underwent the client's security testing, I ran into a security issue called Intent Manipulation. Its description is given below:
Severity Rating:
Medium
Description:
Allowing user input to control Intent parameters could enable an attacker to control the behavior of the subsequent activity.
Risk:
An intent manipulation issue occurs when the following two conditions are met:
• An attacker is able to specify the action, classname, or component of an Android Intent.
For example, an attacker may be able to specify the classname or the component to handle the intent.
• By specifying the action, classname, or component, the attacker gains a capability that would not otherwise be permitted.
For example, the program may give the attacker the ability to transmit sensitive information to a third-party software on the device.
The remediation suggested by the report is:
Remediation:
Do not rely on Intent Filters as a security mechanism. It is too easy to bypass this mechanism by creating specially designed Intents or using explicit Intents.
If private or personal data must be sent, always encrypt it using an industry standard encryption algorithm.
Verify that all Activities have a legitimate need to be publicly exported. If not, remove any Intent Filters from the Activity and make sure the android:explicit attribute is set to false.
The best way to secure an Activity is to rely on permission checks. If it is possible, specify a permission on the receiving Activity that will be used to prevent Intents from being received and handled that do not have that specific permission.
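As per the remediation suggestions:
If private or personal data must be sent, always encrypt it using an industry standard encryption algorithm => I will encrypt it using a standard encryption algorithm.
My question is: how do I start any Activity without specifying the class name in the Intent?
Another question: how do I perform some permission checks on the receiving Activity? => To solve this, I will use Custom Permissions. Is this the right way to handle this issue?
Thanks in advance.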
Best answer
There is nothing wrong with the way you start the Activity in beginVideoChat(), and that is not the issue in the security warning:
... could enable an attacker to control the behavior of the subsequent activity.
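The issue here is that all other apps can start a "video chat" through "FragmentContainerActivity" with any possible provderId.
The "FragmentContainerActivity" intent API is not protected against abusive calls.
Whether this is really a security problem depends on how sensitive the Activity and the parameters that control it are.
Example: if your main Activity first calls the login Activity and then calls the video chat Activity, the video chat Activity can be opened without logging in.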
Regarding this Android Intent manipulation issue, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/40744696/
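An added example (not part of the original question or answer) of how the receiving Activity could defend itself against the abuse the answer describes: refuse callers that skipped login and validate every extra before using it. Communications and the extra keys come from the question; the package name, SessionStore, LoginActivity and the String format of the provider id are assumptions.

```java
package com.example.app; // hypothetical package

import android.app.Activity;
import android.content.Intent;
import android.os.Bundle;
import java.io.Serializable;
import java.util.regex.Pattern;

// AndroidManifest.xml side, when no other app has to start this screen:
//   <activity android:name=".FragmentContainerActivity" android:exported="false" />
// If another app of yours must start it, keep it exported and set android:permission
// to a custom permission declared with android:protectionLevel="signature".
public class FragmentContainerActivity extends Activity {
    // Assumption: provider ids are short alphanumeric strings.
    private static final Pattern PROVIDER_ID = Pattern.compile("[A-Za-z0-9_-]{1,64}");

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // 1. Never assume the caller came through login (SessionStore, LoginActivity: hypothetical).
        if (!SessionStore.isLoggedIn(this)) {
            startActivity(new Intent(this, LoginActivity.class));
            finish();
            return;
        }
        // 2. Treat every extra as untrusted: check presence, type and format.
        Serializable mode;
        String providerId;
        try {
            Intent intent = getIntent();
            mode = intent.getSerializableExtra("CommunicationEnum");
            providerId = intent.getStringExtra("provderId"); // key as spelled in the question
        } catch (RuntimeException e) {
            finish(); // extras that cannot be unparcelled: reject instead of crashing
            return;
        }
        if (!(mode instanceof Communications) || providerId == null
                || !PROVIDER_ID.matcher(providerId).matches()) {
            finish();
            return;
        }
        // 3. Authorize the request for the logged-in user (hypothetical check).
        if (!SessionStore.mayContact(this, providerId)) {
            finish();
            return;
        }
        // Validated: continue with the app's existing video/communication setup.
    }
}
```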