Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to fix UnsafeProtectedBroadcastReceiver?

Following my BroadcastReceiver:

public class MyBroadcastReceiver extends BroadcastReceiver {
    @Override
    public void onReceive(Context context, Intent intent) {
       // my code
    }
}

And it is registered in the AndroidManifest:

<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />

<receiver android:enabled="true"
            android:name=".MyBroadcastReceiver">
            <intent-filter>
                <action android:name="android.intent.action.DATE_CHANGED" />
                <action android:name="android.intent.action.BOOT_COMPLETED"/>
            </intent-filter>
</receiver>

The linter reports the following error in the onReceive method of MyBroadcastReceiver:

This broadcast receiver declares an intent-filter for a protected broadcast action string, which can only be sent by the system, not third-party applications. However, the receiver's onReceive method does not appear to call getAction to ensure that the received Intent's action string matches the expected value, potentially making it possible for another actor to send a spoofed intent with no action string or a different action string and cause undesired behavior. BroadcastReceivers that declare an intent-filter for a protected-broadcast action string must check that the received intent's action string matches the expected value, otherwise it is possible for malicious actors to spoof intents.

Issue id: UnsafeProtectedBroadcastReceiver

How to fix UnsafeProtectedBroadcastReceiver?

like image 786
Bob Avatar asked Oct 03 '18 14:10

Bob


1 Answers

Filter the action, like it says to do:

public class MyBroadcastReceiver extends BroadcastReceiver {
    @Override
    public void onReceive(Context context, Intent intent) {
        switch (intent.getAction()) {
            case Intent.ACTION_DATE_CHANGED:
                //what you want to do
                break;
            case Intent.ACTION_BOOT_COMPLETED:
                //what you want to do
                break;
        }
    }
}

If you don't check that, any app can "call" BOOT_COMPLETED on your Receiver simply by specifying the classname, since that bypasses the filter.

like image 149
TheWanderer Avatar answered Oct 04 '22 11:10

TheWanderer