You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When an android application uses a <code>BroadcastReciever</code> to receive Intents,
10
+
it is also able to receive explicit Intents that are sent drctly to it, egardless of its filter.
11
+
12
+
Certain intent actions are only able to be sent by the operating system, not third-party applications.
13
+
However, a <code>BroadcastReceiver</code> that is registered to recieve system intents is still able to recieve
14
+
other intents from a third-party application, so it should check that the intent received has the expected action.
15
+
Otherwise, a third-party application could impersonate the system this way and cause unintended behaviour, such as a denial of service.
16
+
</p>
17
+
</overview>
18
+
19
+
<example>
20
+
<p>In the following code, the <code>ShutdownReceiver</code> initiates a shutdown procedure upon receiving an Intent,
21
+
without checking that the received action is indeed <code>ACTION_SHUTDOWN</code>. This allows third-party applications to
22
+
send explicit intents to this receiver to cause a denial of service.</p>
23
+
<samplesrc="Bad.java" />
24
+
</example>
25
+
26
+
<recommendation>
27
+
<p>
28
+
In the <code>onReceive</code> method of a <code>BroadcastReciever</code>, the action of the received Intent should be checked. The following code demonstrates this.
0 commit comments