Java Intent Sensitive Communication
Description
Detects potential exposure of sensitive information through Android Intents. This vulnerability occurs when an application shares sensitive data through Intent objects without proper security controls, which could allow unauthorized applications to intercept the data.
Detection Strategy
• Checks if Android Intent related packages are imported in the code
• Identifies calls to sensitive Intent communication methods like putExtra(), setData(), or similar Intent data setting methods
• Verifies if sensitive or unprotected data is being passed to these Intent methods
• Reports a vulnerability when sensitive data is shared through Intents without proper security controls or flags
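A simplified version of the four checks above, as an added example that is not Fluid Attacks' detector or code from this page. It scans Java source text with regular expressions; the sensitive-name pattern, the restriction to sendBroadcast(), and the sample sources are assumptions made for the illustration.

```python
import re

# Assumption (not from the page): data is "sensitive" if its name or key looks like a secret.
SENSITIVE = re.compile(r"token|passw|secret|credential|api_?key", re.I)
INTENT_IMPORT = re.compile(r"^\s*import\s+android\.content\.(Intent|\*)\s*;", re.M)
DATA_CALL = re.compile(r"(\w+)\.(putExtra|setData)\s*\(([^;]*)\)\s*;")
SEND_CALL = re.compile(r"\bsendBroadcast\s*\(\s*(\w+)\s*(?:,([^;]*))?\)\s*;")
# Matches string literals (kept) or // comments (dropped), so commented-out code is not scanned.
COMMENT = re.compile(r'("(?:\\.|[^"\\])*")|//.*')


def find_intent_leaks(source):
    """Return (line, method, intent_var) for sensitive Intent data broadcast unprotected."""
    if not INTENT_IMPORT.search(source):                      # 1. Intent package imported?
        return []
    tainted, findings = {}, []
    for number, line in enumerate(source.splitlines(), start=1):
        code = COMMENT.sub(lambda m: m.group(1) or "", line)
        for var, method, args in DATA_CALL.findall(code):     # 2. data-setting call
            if SENSITIVE.search(args):                        # 3. sensitive argument
                tainted.setdefault(var, []).append((number, method))
        for var, permission in SEND_CALL.findall(code):
            # 4. no receiver permission (missing or null): any app can receive the data
            if permission.strip() in ("", "null"):
                findings += [(n, m, var) for n, m in tainted.get(var, [])]
    return findings


# Constructed sample inputs modelled on the page's two snippets (action and key are placeholders).
VULNERABLE_SRC = '''import android.content.Context;
import android.content.Intent;
public class VulnerableActivity {
    public void sendSensitiveData(Context context) {
        String sensitiveToken = "secret_api_token_123";
        Intent intent = new Intent("com.example.PLACEHOLDER_ACTION");
        intent.putExtra("auth_token", sensitiveToken);
        context.sendBroadcast(intent);
    }
}'''
SECURE_SRC = VULNERABLE_SRC.replace(
    "sendBroadcast(intent)", 'sendBroadcast(intent, "com.example.CUSTOM_PERMISSION")')

if __name__ == "__main__":
    print(find_intent_leaks(VULNERABLE_SRC))
    print(find_intent_leaks(SECURE_SRC))
```

A text-level check like this does not track data flow between variables or methods, so a secret copied into a neutrally named variable before putExtra() is missed.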
Vulnerable code example
import android.content.Context;
import android.content.Intent;
public class VulnerableActivity {
    public void sendSensitiveData(Context context) {
        String sensitiveToken = "secret_api_token_123";
        // Vulnerable: Broadcasting sensitive data without permission restrictions
        // (action name and extra key are placeholders)
        Intent intent = new Intent("com.example.PLACEHOLDER_ACTION");
        intent.putExtra("token", sensitiveToken);
        context.sendBroadcast(intent);
    }
}
Secure code example
import android.content.Context;
import android.content.Intent;
public class SecureActivity {
    private static final String CUSTOM_PERMISSION = "com.example.CUSTOM_PERMISSION";
    public void sendSensitiveData(Context context) {
        String sensitiveToken = "secret_api_token_123";
        // Secure: only receivers holding CUSTOM_PERMISSION get the broadcast (action and key are placeholders)
        Intent intent = new Intent("com.example.PLACEHOLDER_ACTION");
        intent.putExtra("token", sensitiveToken);
        context.sendBroadcast(intent, CUSTOM_PERMISSION);
    }
}