Insecure Implementation of SetResult in exported Activity
The com.insecureshop.ResultActivity is exported and contains the following code:

    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // -1 is Activity.RESULT_OK; the Intent that started the activity is returned unchanged
        setResult(-1, getIntent());
        finish();
    }

The exported activity passes the Intent it was started with back to the caller, which can be an attacker's app, via setResult(code, intent). Such configuration allows an attacker to access arbitrary content providers.

Note: In order to read Phone contacts, you need to grant InsecureShop access to your contacts. You can enable this permission by long pressing the app icon and then going to App Info > Permissions. Here you need to enable the Contacts permission.
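A hardened counterpart to the onCreate above, added here as an example and not taken from InsecureShop: it rejects launch Intents that carry a URI, ClipData or URI-permission grant flags, and builds the result from a fresh Intent instead of reflecting getIntent(). The class name, package and the EXTRA_STATUS extra are assumptions made for illustration.

```java
package com.insecureshop.example; // hypothetical package, not the app's code

import android.app.Activity;
import android.content.Intent;
import android.os.Bundle;
import android.util.Log;

public class SafeResultActivity extends Activity {
    private static final String TAG = "SafeResultActivity";
    // Hypothetical extra: the only value this activity is meant to return.
    private static final String EXTRA_STATUS = "status";

    // Flags that would make the system grant URI access along with the result.
    private static final int GRANT_FLAGS =
            Intent.FLAG_GRANT_READ_URI_PERMISSION
            | Intent.FLAG_GRANT_WRITE_URI_PERMISSION
            | Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
            | Intent.FLAG_GRANT_PREFIX_URI_PERMISSION;

    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        Intent in = getIntent();

        // Detection: a launch Intent carrying a URI, ClipData or grant flags
        // is not something this activity expects. Log it and return nothing.
        boolean suspicious = in.getData() != null
                || in.getClipData() != null
                || (in.getFlags() & GRANT_FLAGS) != 0;
        if (suspicious) {
            Log.w(TAG, "Rejected launch Intent from " + getCallingPackage());
            setResult(Activity.RESULT_CANCELED);
            finish();
            return;
        }

        // Build the result from scratch: a new Intent has no data URI,
        // no ClipData and no flags, so nothing caller-supplied is reflected.
        Intent out = new Intent();
        String status = in.getStringExtra(EXTRA_STATUS);
        if (status != null) {
            out.putExtra(EXTRA_STATUS, status);
        }
        setResult(Activity.RESULT_OK, out);
        finish();
    }
}
```

If no other app needs this result, declaring the activity with android:exported="false" in the manifest removes the entry point altogether.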