UnsafeIntentLaunchViolation
public
final
class
UnsafeIntentLaunchViolation
extends Violation
java.lang.Object | |||
↳ | java.lang.Throwable | ||
↳ | android.os.strictmode.Violation | ||
↳ | android.os.strictmode.UnsafeIntentLaunchViolation |
Violation raised when your app launches an Intent
which originated
from outside your app.
Violations may indicate security vulnerabilities in the design of your app,
where a malicious app could trick you into granting Uri
permissions
or launching unexported components. Here are some typical design patterns
that can be used to safely resolve these violations:
- The ideal approach is to migrate to using a
PendingIntent
, which ensures that your launch is performed using the identity of the original creator, completely avoiding the security issues described above. - If using a
PendingIntent
isn't feasible, an alternative approach is to create a brand newIntent
and carefully copy only specific values from the originalIntent
after careful validation.
Note that this may detect false-positives if your app sends itself
an Intent
which is first routed through the OS, such as using
Intent.createChooser
. In these cases, careful inspection is required
to determine if the return point into your app is appropriately protected
with a signature permission or marked as unexported. If the return point is
not protected, your app is likely vulnerable to malicious apps.
Summary
Public constructors | |
---|---|
UnsafeIntentLaunchViolation(Intent intent)
|
Public methods | |
---|---|
Intent
|
getIntent()
Return the |
Inherited methods | |
---|---|
Public constructors
UnsafeIntentLaunchViolation
public UnsafeIntentLaunchViolation (Intent intent)
Parameters | |
---|---|
intent |
Intent : This value cannot be null . |
Public methods
getIntent
public Intent getIntent ()
Return the Intent
which caused this violation to be raised. Note
that this value is not available if this violation has been serialized
since intents cannot be serialized.
Returns | |
---|---|
Intent |
This value may be null . |