Components can be exported through Android configuration file. Exported components in an application can be activated/triggered by the outside applications through implicit or explicit Intents with broadcasting.

A component is exported if any of the followings is true;

• The value of the export attribute of the component definition in the configuration file (AndroidManifest.xml) is true
• The component definition in the configuration file (AndroidManifest.xml) has Intent filters defined

Exported services pose a greater risk since they run in the background which other components can bind to using Intents with method APIs such as;

                
startService(Intent i)
bindService(Intent i, ServiceConnection conn, int flags)
                
            

This lets the binder to easily invoke methods that are declared in the target Service's interface.

An possible vulnerable configuration definition for a content provider follows;

            
<manifest …>
<service android:name=".app.mysmssender" android:process=":remote" android:exported="true"/>
...
</manifest>
              
          

In the above configuration the services is exported, however, not protected by any dangerous or signature level permissions.

In this type of attack, as long as the vulnerable components are exported, malicious applications can use either implicit or explicit Intents to use and possibly leak information from the target service.