AttackFlow Findings Dictionary

Insecure Intent Broadcasting

Malicious applications can obtain sensitive data by intercepting broadcasts.

Severity

High

Fix Cost

Low

Trust Level

Medium

Android uses Intents as messages between components such as activities, services and broadcast receivers. An application can broadcast any message through an Intent to more than one application by using the Context.sendBroadcast() API, as shown below:

            
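// Implicit broadcast: no target package and no receiver permission are set,
// so every receiver whose filter matches this action gets the extras.
Intent intent = new Intent();
intent.setAction("com.bankapp.ShowCCInfo");
intent.putExtra("CreditCard", creditcard);
sendBroadcast(intent);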

Any other application that registers to receive broadcasts, either in its manifest file or in code, can intercept the credit card information that was sent.
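
Two ways to limit who receives the broadcast shown above, as an added example that is not part of the original page or AttackFlow's own code. The class name CardBroadcaster, the package name com.bankapp and the permission name com.bankapp.permission.RECEIVE_CC_INFO are assumptions; the permission is assumed to be declared in the manifest with android:protectionLevel="signature".

```java
import android.content.Context;
import android.content.Intent;

/** Added example: restricting delivery of the ShowCCInfo broadcast. */
public final class CardBroadcaster {

    // Action string taken from the snippet above.
    static final String ACTION_SHOW_CC = "com.bankapp.ShowCCInfo";

    // Assumption: the sending app's own package name (not given on the page).
    static final String OWN_PACKAGE = "com.bankapp";

    // Assumption: custom permission declared in AndroidManifest.xml with
    // android:protectionLevel="signature", so only apps signed with the
    // same key as the declaring app can be granted it.
    static final String RECEIVE_CC_PERMISSION =
            "com.bankapp.permission.RECEIVE_CC_INFO";

    private CardBroadcaster() {}

    /** Option 1: deliver only to receivers inside one named package. */
    public static void sendToOwnPackage(Context context, String creditCard) {
        Intent intent = buildIntent(creditCard);
        // Receivers in any other package are not considered for delivery.
        intent.setPackage(OWN_PACKAGE);
        context.sendBroadcast(intent);
    }

    /** Option 2: deliver only to receivers whose app holds the permission. */
    public static void sendToPermissionHolders(Context context, String creditCard) {
        Intent intent = buildIntent(creditCard);
        // Second argument is the permission a receiver must hold.
        context.sendBroadcast(intent, RECEIVE_CC_PERMISSION);
    }

    private static Intent buildIntent(String creditCard) {
        Intent intent = new Intent(ACTION_SHOW_CC);
        intent.putExtra("CreditCard", creditCard);
        return intent;
    }
}
```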
