0

Consider the case of a BroadcastReceiver that listens to Wifi events and is registered in AndroidManifest.xml as follows : 

<receiver android:name=".receiver.WifiBroadcastReceiver"
        android:enabled="true" android:exported="true" android:permission="android.permission.BRICK">
    <intent-filter android:priority="501">
        <action android:name="android.net.wifi.WIFI_STATE_CHANGED"/>
        <action android:name="android.net.wifi.STATE_CHANGE"/>
    </intent-filter>
</receiver>

A rogue app may forge and broadcast such events thus affecting apps behavior.

Does requiring the android.permission.BRICK permission for an exported BroadcastReceiver mitigate all the security issues related to rogue apps that may be installed by an average user ?

mda
  • 13
  • 5
  • I might be wrong, you don't need to set exported and I doubt a non system app could send broadcast with those actions. – hypd09 Dec 05 '15 at 18:51
  • "A rogue app may forge and broadcast such events thus affecting apps behavior" -- apps can ignore the extras and ask `WifiManager` for the current state. I fail to see what the risk is here of such forged broadcasts. "Does requiring the android.permission.BRICK permission for an exported BroadcastReceiver mitigate all the security issues related to rogue apps that may be installed by an average user ?" -- no, insofar as your app may not work, as you assume that whatever process is sending those broadcasts legitimately actually holds the `BRICK` permission. – CommonsWare Dec 05 '15 at 19:15

0 Answers0