UnsafeIntentLaunchViolation


public final class UnsafeIntentLaunchViolation
extends Violation

java.lang.Object
   ↳ java.lang.Throwable
     ↳ android.os.strictmode.Violation
       ↳ android.os.strictmode.UnsafeIntentLaunchViolation


Violation raised when your app launches an Intent which originated from outside your app.

Violations may indicate security vulnerabilities in the design of your app, where a malicious app could trick you into granting Uri permissions or launching unexported components. Here are some typical design patterns that can be used to safely resolve these violations:

  • The ideal approach is to migrate to using a PendingIntent, which ensures that your launch is performed using the identity of the original creator, completely avoiding the security issues described above.
  • If using a PendingIntent isn't feasible, an alternative approach is to create a brand new Intent and carefully copy only specific values from the original Intent after careful validation.

Note that this may detect false-positives if your app sends itself an Intent which is first routed through the OS, such as using Intent.createChooser. In these cases, careful inspection is required to determine if the return point into your app is appropriately protected with a signature permission or marked as unexported. If the return point is not protected, your app is likely vulnerable to malicious apps.

Summary

Public constructors

UnsafeIntentLaunchViolation(Intent intent)

Public methods

Intent getIntent()

Return the Intent which caused this violation to be raised.

Inherited methods

Public constructors

UnsafeIntentLaunchViolation

Added in API level 31
public UnsafeIntentLaunchViolation (Intent intent)

Parameters
intent Intent: This value cannot be null.

Public methods

getIntent

Added in API level 31
public Intent getIntent ()

Return the Intent which caused this violation to be raised. Note that this value is not available if this violation has been serialized since intents cannot be serialized.

Returns
Intent This value may be null.