-1

Consider a typical implicit Intent flow, where one android app generates an Implicit Intent, the Android OS asks the user to select one of the 'capable' apps for that Intent (those that are installed on the user device and with an appropriate declaration in the manifest file.). The user then selects an app of his choice and the app gets launched and starts processing Intent.

Is it possible for some malicious app to intercept this intent and to read the content of the Intent (Please note that the user has not selected this malicious app)? Is this possible in a non-rooted device as well?

Phantômaxx
  • 37,901
  • 21
  • 84
  • 115
Akash Mahajan
  • 512
  • 4
  • 16

1 Answers1

0

The security model of activity Intents is precisely that the content is protected because the user has to explicitely select the application before it can see the intent.

This protection does not exist for service Intent, this is why starting / binding a service with an inplicit intent is considered a security hazard (and even forbidden in recent version of Android)

I don't know if it is possible to bypass the protection but it would surely be considered as a serious bug. As usual, with rooted device, all bets are off

bwt
  • 17,292
  • 1
  • 42
  • 60