Stay organized with collections
Save and categorize content based on your preferences.
UnsafeIntentLaunchViolation
class UnsafeIntentLaunchViolation : Violation
Violation raised when your app launches an Intent
which originated from outside your app.
Violations may indicate security vulnerabilities in the design of your app, where a malicious app could trick you into granting Uri
permissions or launching unexported components. Here are some typical design patterns that can be used to safely resolve these violations:
- The ideal approach is to migrate to using a
PendingIntent
, which ensures that your launch is performed using the identity of the original creator, completely avoiding the security issues described above.
- If using a
PendingIntent
isn't feasible, an alternative approach is to create a brand new Intent
and carefully copy only specific values from the original Intent
after careful validation.
Note that this may detect false-positives if your app sends itself an Intent
which is first routed through the OS, such as using android.content.Intent#createChooser. In these cases, careful inspection is required to determine if the return point into your app is appropriately protected with a signature permission or marked as unexported. If the return point is not protected, your app is likely vulnerable to malicious apps.
Summary
Public methods |
Intent? |
Return the Intent which caused this violation to be raised.
|
Public constructors
UnsafeIntentLaunchViolation
UnsafeIntentLaunchViolation(intent: Intent)
Parameters |
intent |
Intent: This value cannot be null . |
Public methods
getIntent
fun getIntent(): Intent?
Return the Intent
which caused this violation to be raised. Note that this value is not available if this violation has been serialized since intents cannot be serialized.
Return |
Intent? |
This value may be null . |
Content and code samples on this page are subject to the licenses described in the Content License. Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
Last updated 2025-02-10 UTC.
[null,null,["Last updated 2025-02-10 UTC."],[],[],null,["# UnsafeIntentLaunchViolation\n\nAdded in [API level 31](https://developer.android.com/guide/topics/manifest/uses-sdk-element.html#ApiLevels)\n\nUnsafeIntentLaunchViolation\n===========================\n\n*** ** * ** ***\n\nKotlin \\|[Java](/reference/android/os/strictmode/UnsafeIntentLaunchViolation \"View this page in Java\") \n\n```\nclass UnsafeIntentLaunchViolation : Violation\n```\n\n|---|---|---|--------------------------------------------------------|\n| [kotlin.Any](https://kotlinlang.org/api/latest/jvm/stdlib/kotlin/-any/index.html) ||||\n| ↳ | [kotlin.Throwable](https://kotlinlang.org/api/latest/jvm/stdlib/kotlin/-throwable/index.html) |||\n| | ↳ | [android.os.strictmode.Violation](/reference/kotlin/android/os/strictmode/Violation) ||\n| | | ↳ | [android.os.strictmode.UnsafeIntentLaunchViolation](#) |\n\nViolation raised when your app launches an [Intent](../../content/Intent.html#) which originated from outside your app.\n\nViolations may indicate security vulnerabilities in the design of your app, where a malicious app could trick you into granting [Uri](../../net/Uri.html#) permissions or launching unexported components. Here are some typical design patterns that can be used to safely resolve these violations:\n\n- The ideal approach is to migrate to using a [PendingIntent](../../app/PendingIntent.html#), which ensures that your launch is performed using the identity of the original creator, completely avoiding the security issues described above.\n- If using a [PendingIntent](../../app/PendingIntent.html#) isn't feasible, an alternative approach is to create a brand new [Intent](../../content/Intent.html#) and carefully copy only specific values from the original [Intent](../../content/Intent.html#) after careful validation.\n\nNote that this *may* detect false-positives if your app sends itself an [Intent](../../content/Intent.html#) which is first routed through the OS, such as using android.content.Intent#createChooser. In these cases, careful inspection is required to determine if the return point into your app is appropriately protected with a signature permission or marked as unexported. If the return point is not protected, your app is likely vulnerable to malicious apps.\n\nSummary\n-------\n\n| Public constructors ||\n|------------------------------------------------------------------------------------------------------------------------------------------------|---|\n| [UnsafeIntentLaunchViolation](#UnsafeIntentLaunchViolation(android.content.Intent))`(`intent:` `[Intent](../../content/Intent.html#)`)` \u003cbr /\u003e |\n\n| Public methods ||\n|---------------------------------------|-------------------------------------------------------------------------------------------------------------------------|\n| [Intent](../../content/Intent.html#)? | [getIntent](#getIntent())`()` Return the [Intent](../../content/Intent.html#) which caused this violation to be raised. |\n\n| Inherited functions ||\n|---|---|\n| From class [Violation](/reference/kotlin/android/os/strictmode/Violation) |----------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | [Throwable](https://kotlinlang.org/api/latest/jvm/stdlib/kotlin/-throwable/index.html) | [fillInStackTrace](/reference/kotlin/android/os/strictmode/Violation#fillInStackTrace())`()` \u003cbr /\u003e | | [Int](https://kotlinlang.org/api/latest/jvm/stdlib/kotlin/-int/index.html) | [hashCode](/reference/kotlin/android/os/strictmode/Violation#hashCode())`()` \u003cbr /\u003e | | [Throwable](https://kotlinlang.org/api/latest/jvm/stdlib/kotlin/-throwable/index.html) | [initCause](/reference/kotlin/android/os/strictmode/Violation#initCause(kotlin.Throwable))`(`cause:` `[Throwable](https://kotlinlang.org/api/latest/jvm/stdlib/kotlin/-throwable/index.html)?`)` \u003cbr /\u003e | | [Unit](https://kotlinlang.org/api/latest/jvm/stdlib/kotlin/-unit/index.html) | [setStackTrace](/reference/kotlin/android/os/strictmode/Violation#setStackTrace(kotlin.Array))`(`stackTrace:` `[Array](https://kotlinlang.org/api/latest/jvm/stdlib/kotlin/-array/index.html)\u003c[StackTraceElement](../../../java/lang/StackTraceElement.html#)!\u003e`)` \u003cbr /\u003e | ||\n\nPublic constructors\n-------------------\n\n### UnsafeIntentLaunchViolation\n\nAdded in [API level 31](https://developer.android.com/guide/topics/manifest/uses-sdk-element.html#ApiLevels) \n\n```\nUnsafeIntentLaunchViolation(intent: Intent)\n```\n\n| Parameters ||\n|----------|--------------------------------------------------------------------|\n| `intent` | [Intent](../../content/Intent.html#): This value cannot be `null`. |\n\nPublic methods\n--------------\n\n### getIntent\n\nAdded in [API level 31](https://developer.android.com/guide/topics/manifest/uses-sdk-element.html#ApiLevels) \n\n```\nfun getIntent(): Intent?\n```\n\nReturn the [Intent](../../content/Intent.html#) which caused this violation to be raised. Note that this value is not available if this violation has been serialized since intents cannot be serialized.\n\n| Return ||\n|---------------------------------------|---------------------------|\n| [Intent](../../content/Intent.html#)? | This value may be `null`. |"]]