Update KB
ostorlab committed Nov 17, 2023
1 parent 8152843 commit af5e482
Showing 2 changed files with 5 additions and 85 deletions.
84 changes: 0 additions & 84 deletions MOBILE_CLIENT/ANDROID/_MEDIUM/IMPLICIT_PENDINGINTENT/context.md

This file was deleted.

@@ -1,8 +1,12 @@
Developers can address the vulnerability by applying any (or even better, all) of the following:

- Ensuring that the action, package, and component fields of the base Intent are set;
- Ensuring that the action, package, and component fields of the base Intent are set (explicit Intent);
- Ensuring that the PendingIntent is only delivered to trusted components;
- Using `FLAG_IMMUTABLE` (added in SDK 23) to create `PendingIntents`. This prevents apps that receive the `PendingIntent` from filling in unpopulated properties. In case the app also runs on devices running SDK 22 or older, we recommend developers to apply the previous options while strengthening the PendingIntent creation with the pattern:
- Being cautious with the data included in the intents.
- Canceling `PendingIntent`s when they are no longer needed.
- Keeping your app updated with the latest Android security practices.


=== "Java"
```java
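Review bot: The three new bullets ("Being cautious with the data included in the intents", "Canceling `PendingIntent`s when they are no longer needed", "Keeping your app updated with the latest Android security practices") are placed after the `FLAG_IMMUTABLE` bullet, whose closing words "with the pattern:" introduce the `=== "Java"` tab that follows, so that lead-in is now separated from the code it points to. Move the new bullets above the `FLAG_IMMUTABLE` item so it stays last in the list. The new items also end in periods where the existing ones end in semicolons, and the "Keeping your app updated" bullet names no concrete action for this finding; consider dropping it or tying it to a specific measure.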
