Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

queryIntentActivities() includes private Activity in results

Tags:

android

android-activity

android-intent

I've an Activity in one of my apps that has an Intent filter, but is still marked as private, i.e. android:exported=false:

    <activity android:exported="false" android:name=".facebook.PostToFacebookActivity" android:icon="@drawable/facebook_icon" android:label="@string/facebook_built_in">
        <intent-filter>
            <action android:name="android.intent.action.SEND" />
            <category android:name="android.intent.category.DEFAULT" />
            <data android:mimeType="text/plain" />
        </intent-filter>
    </activity>

(The Activity is for internal use only; part of my app allows the user to choose from a list of all Activities that can send text somewhere, and this allows me to add a couple of app-internal options to the overall list easily.)

However, when I use queryIntentActivites() from a different app, my "private" activity is still returned:

// Returned list includes the above activity, even though it's declared private.
List<ResolveInfo> infoList = pm.queryIntentActivities(
        myIntent,
        PackageManager.MATCH_DEFAULT_ONLY | 
        PackageManager.GET_INTENT_FILTERS
);

The basic security seems to work fine, as if I try to start the Activity from the other app, I get a security exception. But it seems odd that asking for Activities for an Intent would give you a list including Activities that you're not allowed to start.

I'd have thought that if an Activity was set not to export, it wouldn't even appear in the queryIntentActivities() results. That's the behaviour I want, anyway. Is there a flag I can use to say "don't show me private Activities", or an easy way of filtering the results to get rid of Activities I'm not allowed to start?

like image 444
Matt Gibson Avatar asked Jun 21 '12 14:06

Matt Gibson

1 Answers

I'd have thought that if an Activity was set not to export, it wouldn't even appear in the queryIntentActivities() results.

That's way too logical. :-)

Is there a flag I can use to say "don't show me private Activities"

Certainly none that are documented.

or an easy way of filtering the results to get rid of Activities I'm not allowed to start?

Given a ResolveInfo, the activityInfo.exported boolean should be false for non-exported activities. You could loop through your queryIntentActivities() results and weed out the non-exported ones.

like image 146
CommonsWare Avatar answered Oct 19 '22 22:10

CommonsWare
Sign in to Comment

Related questions

Rhomobile vs. Phonegap considerations [closed]
Video not playing in Android
getting image from byte array in JSON object to android app
How to handle weights in onMeasue for custom views?
Sending SMS to real test device (not emulator) via DDMS or emulator instance
How to keep Popup window opened when orientation changes at run time in Android?
repo 'bisect' for debugging Android?
how to get environment variable value in Android.mk?
Activity gets killed while executing the camera intent
How to implement three way sliding button in Android
how to append text into an edittext in android?
Can't make spinner's scrollbar always visible (Android)
View.invalidate() does not seem to call View.onDraw()
Turkish character in SQLite while using LIKE expression
How to expand a list row when we tap on it in listview
How to display one activity inside another in Android?
Android: How to catch Fatal Exception thrown from a referenced library?
Communication between fragments/dialogs in android
How can I embed a website in my app
Qibla compass in Android [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!