Android Context Registered Broadcast Receivers Not Protected with Permissions #343
Labels
Comments
|
👋 Hi @asegurola and Thank you for reaching out to us.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
A static analysis security tool we use it's complaining about this SDK not protecting broadcast receivers properly.
Smartphone (please complete the following information):
Additional context
The recommendation is to protect those broadcast receivers as described here:
Restricting broadcasts with permissions https://developer.android.com/guide/components/broadcasts.html#restrict-broadcasts-permissions
Android 13 - Safer exporting of context-registered receivers https://developer.android.com/about/versions/13/features#runtime-receivers
Android 14 - Runtime-registered broadcasts receivers must specify export behavior https://developer.android.com/about/versions/14/behavior-changes-14#runtime-receivers-exported
Evidence
com.appsflyer.internal.AFa1tSDK - AFInAppEventParameterName()
Artifacts
{ "class": "com.appsflyer.internal.AFa1tSDK", "method": "AFInAppEventParameterName()", "locations": [ { "location_id": "sc3ddf9c9-d1b2-41af-8633-0a88d4075a5e" } ], "_raw": { "api": "Landroid/content/Context;,registerReceiver,(Landroid/content/BroadcastReceiver;Landroid/content/IntentFilter;)Landroid/content/Intent;", "line": -1, "method": "Lcom/appsflyer/internal/AFa1tSDK;,AFInAppEventParameterName,(Landroid/content/Context;)Lcom/appsflyer/internal/AFd1vSDK$AFa1uSDK;", "source_file": "com/appsflyer/internal/SourceFile" } }Locations
[ { "id": "sc3ddf9c9-d1b2-41af-8633-0a88d4075a5e", "data": { "type": "backtrace", "entries": [ { "type": "java", "context": { "flags": [], "signature": "Lcom/appsflyer/internal/AFa1tSDK;,AFInAppEventParameterName,(Landroid/content/Context;)Lcom/appsflyer/internal/AFd1vSDK$AFa1uSDK;", "class_name": "com.appsflyer.internal.AFa1tSDK", "method_name": "AFInAppEventParameterName" } }, { "type": "java", "context": { "flags": [], "source": { "line": -1, "name": "com/appsflyer/internal/SourceFile" }, "signature": "Landroid/content/Context;,registerReceiver,(Landroid/content/BroadcastReceiver;Landroid/content/IntentFilter;)Landroid/content/Intent;", "class_name": "android.content.Context", "method_name": "registerReceiver" } } ] } } ]com.appsflyer.internal.AFd1rSDK - AFInAppEventType()
Artifacts
{ "class": "com.appsflyer.internal.AFd1rSDK", "method": "AFInAppEventType()", "locations": [ { "location_id": "s8c11b1e3-d2c9-4302-a1ca-8a6ba69c94fc" } ], "_raw": { "api": "Landroid/content/Context;,registerReceiver,(Landroid/content/BroadcastReceiver;Landroid/content/IntentFilter;)Landroid/content/Intent;", "line": -1, "method": "Lcom/appsflyer/internal/AFd1rSDK;,AFInAppEventType,()Ljava/lang/String;", "source_file": "com/appsflyer/internal/SourceFile" } }Locations
[ { "id": "s8c11b1e3-d2c9-4302-a1ca-8a6ba69c94fc", "data": { "type": "backtrace", "entries": [ { "type": "java", "context": { "flags": [], "signature": "Lcom/appsflyer/internal/AFd1rSDK;,AFInAppEventType,()Ljava/lang/String;", "class_name": "com.appsflyer.internal.AFd1rSDK", "method_name": "AFInAppEventType" } }, { "type": "java", "context": { "flags": [], "source": { "line": -1, "name": "com/appsflyer/internal/SourceFile" }, "signature": "Landroid/content/Context;,registerReceiver,(Landroid/content/BroadcastReceiver;Landroid/content/IntentFilter;)Landroid/content/Intent;", "class_name": "android.content.Context", "method_name": "registerReceiver" } } ] } } ]The text was updated successfully, but these errors were encountered: