AttackFlow Findings Dictionary


Insecure Content Provider

Malicious applications can query and access the target application's critical data.

Severity

Critical

Fix Cost

Medium

Trust Level

Medium

Android supports content providers as an interface for managing access to data and sharing it with other applications. When a content provider is declared in the Android configuration file, AndroidManifest.xml, care should be taken not to open the application's content provider publicly to other installed applications.

The configuration below defines a custom content provider, LiveDataProvider, with the android:exported attribute set to true. This value opens the data interface to all installed applications.

<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" …>
...
<provider android:exported="true" android:name="LiveDataProvider"
          android:authorities="com.example.livedataprovider" />
…

Interestingly, up to and including Android API level 16, the default value of this attribute was true, so omitting it had the same effect.
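The check below is an added example, not part of the original finding or of AttackFlow: it flags providers that are exported explicitly and providers that omit android:exported where the default is still true. It assumes the default is decided from targetSdkVersion (falling back to minSdkVersion, then 1) in the manifest; the function name, CacheProvider and PrivateProvider are hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest; CacheProvider and PrivateProvider are hypothetical.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <uses-sdk android:targetSdkVersion="{target}" />
  <application>
    <provider android:exported="true" android:name="LiveDataProvider"
              android:authorities="com.example.livedataprovider" />
    <provider android:name="CacheProvider"
              android:authorities="com.example.cache" />
    <provider android:exported="false" android:name="PrivateProvider"
              android:authorities="com.example.private" />
  </application>
</manifest>"""

def exported_providers(manifest_xml):
    """Return (name, reason) for every <provider> that other apps can reach."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    # Assumption: the implicit default follows targetSdkVersion, which falls
    # back to minSdkVersion and then to 1 when neither is declared.
    target = 1
    if sdk is not None:
        target = int(sdk.get(ANDROID + "targetSdkVersion")
                     or sdk.get(ANDROID + "minSdkVersion") or 1)
    findings = []
    for prov in root.iter("provider"):
        name = prov.get(ANDROID + "name", "<unnamed>")
        exported = (prov.get(ANDROID + "exported") or "").lower()
        if exported == "true":
            reason = "android:exported is explicitly true"
        elif exported == "" and target <= 16:
            reason = f"android:exported omitted; default is true at API level {target}"
        else:
            continue  # explicitly false, or omitted at API level 17 and above
        findings.append((name, reason))
    return findings

if __name__ == "__main__":
    for level in (16, 17):
        print(level, exported_providers(SAMPLE.format(target=level)))
```

Setting android:exported="false" on a provider removes it from the results at any API level.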
