UnsafeIntentLaunchViolation
public
final
class
UnsafeIntentLaunchViolation
extends Violation
Violation raised when your app launches an Intent
which originated
from outside your app.
Violations may indicate security vulnerabilities in the design of your app,
where a malicious app could trick you into granting Uri
permissions
or launching unexported components. Here are some typical design patterns
that can be used to safely resolve these violations:
- The ideal approach is to migrate to using a
PendingIntent
, which
ensures that your launch is performed using the identity of the original
creator, completely avoiding the security issues described above.
- If using a
PendingIntent
isn't feasible, an alternative approach
is to create a brand new Intent
and carefully copy only specific
values from the original Intent
after careful validation.
Note that this may detect false-positives if your app sends itself
an Intent
which is first routed through the OS, such as using
Intent.createChooser
. In these cases, careful inspection is required
to determine if the return point into your app is appropriately protected
with a signature permission or marked as unexported. If the return point is
not protected, your app is likely vulnerable to malicious apps.
Summary
Inherited methods |
From class
android.os.strictmode.Violation
|
From class
java.lang.Throwable
|
From class
java.lang.Object
Object
|
clone()
Creates and returns a copy of this object.
|
boolean
|
equals(Object obj)
Indicates whether some other object is "equal to" this one.
|
void
|
finalize()
Called by the garbage collector on an object when garbage collection
determines that there are no more references to the object.
|
final
Class<?>
|
getClass()
Returns the runtime class of this Object .
|
int
|
hashCode()
Returns a hash code value for the object.
|
final
void
|
notify()
Wakes up a single thread that is waiting on this object's
monitor.
|
final
void
|
notifyAll()
Wakes up all threads that are waiting on this object's monitor.
|
String
|
toString()
Returns a string representation of the object.
|
final
void
|
wait(long timeoutMillis, int nanos)
Causes the current thread to wait until it is awakened, typically
by being notified or interrupted, or until a
certain amount of real time has elapsed.
|
final
void
|
wait(long timeoutMillis)
Causes the current thread to wait until it is awakened, typically
by being notified or interrupted, or until a
certain amount of real time has elapsed.
|
final
void
|
wait()
Causes the current thread to wait until it is awakened, typically
by being notified or interrupted.
|
|
Public constructors
UnsafeIntentLaunchViolation
public UnsafeIntentLaunchViolation (Intent intent)
Parameters |
intent |
Intent : This value cannot be null . |
Public methods
getIntent
public Intent getIntent ()
Return the Intent
which caused this violation to be raised. Note
that this value is not available if this violation has been serialized
since intents cannot be serialized.
Returns |
Intent |
This value may be null . |
Content and code samples on this page are subject to the licenses described in the Content License. Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
Last updated 2025-02-10 UTC.
[null,null,["Last updated 2025-02-10 UTC."],[],[]]