Java Intent Sensitive Communication

Description

Detects potential exposure of sensitive information through Android Intents. This vulnerability occurs when an application shares sensitive data through Intent objects without proper security controls, which could allow unauthorized applications to intercept the data.

Weakness:

017 - Sensitive information sent insecurely

Category: Information Collection

Detection Strategy

    Checks if Android Intent related packages are imported in the code

    Identifies calls to sensitive Intent communication methods like putExtra(), setData(), or similar Intent data setting methods

    Verifies if sensitive or unprotected data is being passed to these Intent methods

    Reports a vulnerability when sensitive data is shared through Intents without proper security controls or flags
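
The four checks above, sketched as a line-based Python scan over constructed Java snippets. This is an added example, not the scanner's own implementation; the keyword list, the sample class, the placeholder action and package names, and the choice to count an explicit target (setPackage, setComponent, setClass) or a non-null receiver permission as a control are assumptions.

```python
import re

# Constructed Java input (not from the page); the action name is a placeholder.
VULNERABLE = """\
import android.content.Intent;
class Sender {
  void send(android.content.Context ctx, String sessionToken) {
    Intent i = new Intent("com.example.PLACEHOLDER_ACTION");
    i.putExtra("token", sessionToken);
    ctx.sendBroadcast(i);
  }
}"""
SEND = "ctx.sendBroadcast(i);"
# Same payload, restricted to receivers holding a permission (two-argument overload).
PROTECTED = VULNERABLE.replace(SEND, 'ctx.sendBroadcast(i, "com.example.CUSTOM_PERMISSION");')
# A null receiver permission restricts nothing.
NULL_PERM = VULNERABLE.replace(SEND, "ctx.sendBroadcast(i, null);")
# Explicit target package: the broadcast is no longer delivered to every app.
SCOPED = VULNERABLE.replace(SEND, 'i.setPackage("com.example.receiver");\n    ' + SEND)
HARMLESS = VULNERABLE.replace('"token", sessionToken', '"theme", "dark"')

IMPORT_RE = re.compile(r"^\s*import\s+android\.content\.(Intent|\*)\s*;", re.M)
SETTER_RE = re.compile(r"\b(\w+)\.(?:putExtra|setData)\s*\(([^;]*)\)\s*;")
TARGET_RE = re.compile(r"\b(\w+)\.(?:setPackage|setComponent|setClass)\s*\(")
SEND_RE = re.compile(r"\bsendBroadcast\s*\(\s*(\w+)\s*(?:,([^;]*))?\)\s*;")
SENSITIVE_RE = re.compile(r"token|passw|secret|api_?key|credential", re.I)  # assumed word list

def find_intent_leaks(java_source):
    """Return [(line_no, intent_var)] for unrestricted broadcasts carrying sensitive data."""
    if not IMPORT_RE.search(java_source):            # step 1: Intent import present?
        return []
    tainted, targeted, findings = set(), set(), []
    for line_no, line in enumerate(java_source.splitlines(), 1):
        for var, args in SETTER_RE.findall(line):    # steps 2-3: sensitive setter arguments
            if SENSITIVE_RE.search(args):
                tainted.add(var)
        targeted.update(TARGET_RE.findall(line))     # Intents given an explicit receiver
        sent = SEND_RE.search(line)
        if not sent or sent.group(1) not in tainted:
            continue
        permission = (sent.group(2) or "").strip()
        if sent.group(1) not in targeted and permission in ("", "null"):
            findings.append((line_no, sent.group(1)))  # step 4: no control on the broadcast
    return findings
```

A line-based regex scan like this misses multi-line statements and aliased Intent variables; a production rule would work on the parsed syntax tree.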

Vulnerable code example

import android.content.Context;
import android.content.Intent;

public class VulnerableActivity {
    public void sendSensitiveData(Context context) {
        String sensitiveToken = "secret_api_token_123";
        
        // Vulnerable: Broadcasting sensitive data without permission restrictions...
    }
}

✅ Secure code example

import android.content.Context;
import android.content.Intent;

public class SecureActivity {
    private static final String CUSTOM_PERMISSION = "com.example.CUSTOM_PERMISSION";
    
    public void sendSensitiveData(Context context) {
        String sensitiveToken = "secret_api_token_123";
        // ...
    }
}