
How to Fix vulnerability at Manifest.xml file in Android for an exposed component

I need to expose a module of my app to more than one app. Because of that, I did not specify any permission or expose attribute on the activity.

<activity
            android:name=".MainActivity"
            android:label="@string/app_name"
            android:theme="@style/Theme.Transparent">
</activity>

With this, I am able to launch the application, and I am also able to do the activity from another application by calling an intent.

But when I integrate with SonarQube, it shows a vulnerability and states the issue below.

Implement permissions on this exported component.

To fix this issue, I have tried the following methods.

  1. If I implement the permission and refer to it, the vulnerability is removed, but I am not able to run the application (I mean I am not able to perform any actions from the other app).

In my app, I have defined the permission

<permission android:name="com.myApp.NORMAL_PERMISSION"
    android:description="@string/perm_desc_NORMAL_PERMISSION"
    android:label="@string/perm_label_NORMAL_PERMISSION"
    android:protectionLevel="normal" />

and I refer to this permission in my activity as below.

<activity
    android:name=".MainActivity"
    android:label="@string/app_name"
    android:permission="com.myApp.NORMAL_PERMISSION"
    android:theme="@style/Theme.Transparent">
</activity>

But I am not able to perform any action from the other app by calling an intent, although the vulnerability has been fixed.

  2. If I add the field below to the activity, it is still listed as a vulnerability: android:exported="true"

  3. If it is android:exported="false", the vulnerability is removed, but the app does not work at all.

Let me know of any other method to fix this vulnerability.

Kalai Selvi asked Oct 20 '25 19:10


1 Answer

My main activity has an intent-filter with action android.intent.action.MAIN and category android.intent.category.LAUNCHER.

It's intended to be launched from other applications without any special permissions.

So, it requires no permission.

<activity
    . . .
    android:exported="true"
    android:permission="" >

That being said, defining the permission as an empty string resolves the issue and explicitly shows your intent that there are no permissions needed to launch this activity.

Kalai Selvi answered Oct 22 '25 11:10
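An added example, not part of the question or answer above: a small manifest audit that reports who can reach each activity. It shows that an exported activity with an empty `android:permission`, or with a `normal`-level permission (which any app obtains by declaring it), stays reachable by any app, while a `signature`-level permission limits callers to apps signed with the same key. The manifest is constructed; `.SharedActivity`, `.NormalActivity`, `.SignedActivity`, `.InternalActivity` and `com.myApp.SIGNATURE_PERMISSION` are hypothetical names, and the check covers activities only and ignores an application-level `android:permission`.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android: attributes
# Constructed manifest: .MainActivity and NORMAL_PERMISSION are the page's, the rest is hypothetical.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
 <permission android:name="com.myApp.NORMAL_PERMISSION" android:protectionLevel="normal"/>
 <permission android:name="com.myApp.SIGNATURE_PERMISSION" android:protectionLevel="signature"/>
 <application>
  <activity android:name=".MainActivity" android:exported="true" android:permission="">
   <intent-filter>
    <action android:name="android.intent.action.MAIN"/>
    <category android:name="android.intent.category.LAUNCHER"/>
   </intent-filter>
  </activity>
  <activity android:name=".SharedActivity" android:exported="true" android:permission=""/>
  <activity android:name=".NormalActivity" android:exported="true" android:permission="com.myApp.NORMAL_PERMISSION"/>
  <activity android:name=".SignedActivity" android:exported="true" android:permission="com.myApp.SIGNATURE_PERMISSION"/>
  <activity android:name=".InternalActivity" android:exported="false"/>
 </application>
</manifest>"""

def is_launcher(comp):
    """True if an intent-filter pairs action MAIN with category LAUNCHER."""
    def names(f, tag):
        return {e.get(A + "name") for e in f.findall(tag)}
    return any("android.intent.action.MAIN" in names(f, "action")
               and "android.intent.category.LAUNCHER" in names(f, "category")
               for f in comp.findall("intent-filter"))

def audit(manifest_xml):
    """Map each activity name to a verdict on which apps can start it."""
    root = ET.fromstring(manifest_xml)
    levels = {p.get(A + "name"): p.get(A + "protectionLevel", "normal")
              for p in root.iter("permission")}
    verdicts = {}
    for comp in root.iter("activity"):
        exported = comp.get(A + "exported")
        # Without an explicit value, an intent-filter implied exported=true before Android 12.
        if exported == "false" or (exported is None and comp.find("intent-filter") is None):
            verdict = "private"
        elif is_launcher(comp):
            verdict = "launcher: exported by design"
        else:
            perm = comp.get(A + "permission") or ""  # empty string is treated here as no permission
            level = levels.get(perm, "undeclared") if perm else "none"
            verdict = {"signature": "same-signer apps only", "normal": "open to any app",
                       "none": "open to any app"}.get(level, f"review ({level})")
        verdicts[comp.get(A + "name")] = verdict
    return verdicts
```

Calling `audit(SAMPLE)` returns one verdict per activity; a permission that is not declared in the same manifest, or that uses any other protection level, is reported as `review (...)` rather than guessed at.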