Leaking sensitive information through an implicit Intent — CodeQL query help documentation CodeQL docs

CodeQL resources

Leaking sensitive information through an implicit Intent¶

ID: java/android/sensitive-communication
Kind: path-problem
Security severity: 8.2
Severity: warning
Precision: medium
Tags:
   - security
   - external/cwe/cwe-927
Query suites:
   - java-security-extended.qls
   - java-security-and-quality.qls

Click to see the query in the CodeQL repository

When an implicit Intent is used with a method such as startActivity, startService, or sendBroadcast, it may be read by other applications on the device.

This means that sensitive data in these Intents may be leaked.

Recommendation¶

For sendBroadcast methods, a receiver permission may be specified so that only applications with a certain permission may receive the Intent; or a LocalBroadcastManager may be used. Otherwise, ensure that Intents containing sensitive data have an explicit receiver class set.

Example¶

The following example shows two ways of broadcasting Intents. In the ‘BAD’ case, no “receiver permission” is specified. In the ‘GOOD’ case, “receiver permission” or “receiver application” is specified.

public void sendBroadcast1(Context context, String token, String refreshToken) 
{
    {
        // BAD: broadcast sensitive information to all listeners
        Intent intent = new Intent();
        intent.setAction("com.example.custom_action");
        intent.putExtra("token", token);
        intent.putExtra("refreshToken", refreshToken);
        context.sendBroadcast(intent);
    }

    {
        // GOOD: broadcast sensitive information only to those with permission
        Intent intent = new Intent();
        intent.setAction("com.example.custom_action");
        intent.putExtra("token", token);
        intent.putExtra("refreshToken", refreshToken);
        context.sendBroadcast(intent, "com.example.user_permission");
    }

    {
        // GOOD: broadcast sensitive information to a specific application
        Intent intent = new Intent();
        intent.setAction("com.example.custom_action");
        intent.setClassName("com.example2", "com.example2.UserInfoHandler");
        intent.putExtra("token", token);
        intent.putExtra("refreshToken", refreshToken);
        context.sendBroadcast(intent);
    }
}

References¶

Android Developers: Security considerations and best practices for sending and receiving broadcasts
SonarSource: Broadcasting intents is security-sensitive
Android Developer Fundamentals: Restricting broadcasts
Carnegie Mellon University: DRD03-J. Do not broadcast sensitive information using an implicit intent
Android Developers: Android LiveData Overview
Oversecured: Interception of Android implicit intents
Common Weakness Enumeration: CWE-927.

© GitHub, Inc.
Terms
Privacy