Android Application Security Testing Part-6: Android Intents-Activating Components
Android Intents-Activating Android App Components
- In part-5
we studied that there are four Android application components are there.
- Three of the
four component types—activities, services, and broadcast receivers—are
activated by an asynchronous message called an intent.
- Intents bind
individual components to each other at runtime (you can think of them as
the messengers that request an action from other components), whether the
component belongs to your app or to other.
- During the
execution of the app, you may be required to invoke one activity from
another activity. For example, you may want that when a user clicks a
button on one activity, another activity should be launched. To implement
this requirement, you need to use intents.
Types of Intents:
There are two types
of intents:
Explicit
intents: Explicit intents specify which
application will satisfy the intent, by supplying either the target app's
package name or a fully-qualified component class name. You'll typically use an
explicit intent to start a component in your own app, because you know the
class name of the activity or service you want to start. For example, you might
start a new activity within your app in response to a user action, or start a
service to download a file in the background.
Implicit
intents: Implicit intents do not name a
specific component, but instead declare a general action to perform, which
allows a component from another app to handle it. For example, if you want to
show the user a location on a map, you can use an implicit intent to request
that another capable app show a specified location on a map.
- Components can
end up becoming exported to other applications running on the same device
in three ways: by the Default export behaviour, by being Explicitly
exported, and by being Implicitly exported, as discussed next.
Default Export Behaviour : The targetSdkVersion of
an application is set to 16 or lower, the content provider will still be
exported by default.
Explicitly Exported : Application components can be explicitly marked as exported
in the application manifest. This is the most obvious way to know that a
component is exported.
Implicitly Exported : Any component that makes use of an <intent-filter> is
exported by default. This means that even intents that aren’t explicitly
targeting an application component’s intent filter can still be sent to the
component
Useful Links:
No comments