com.insecureshop.ResultActivity
is exported and contains the following code:setResult(code, intent)
. Such configuration allows an attacker to access arbitrary content providers.long pressing the app icon
and then going to App Info > Permissions
. Here you need to enable
the Contacts permission.