Read Time:33 Second
Description
The Android application uses an implicit intent for transmitting sensitive data to other applications.
Modes of Introduction:
– Architecture and Design
Likelihood of Exploit:
Related Weaknesses
Consequences
Confidentiality: Read Application Data
Other applications, possibly untrusted, can read the data that is offered through the Intent.
Integrity: Varies by Context
The application may handle responses from untrusted applications on the device, which could cause it to perform unexpected or unauthorized actions.
Potential Mitigations
Phase: Implementation
Effectiveness:
Description:
If the application only requires communication with its own components, then the destination is always known, and an explicit intent could be used.
CVE References