Intercepting Implicit intent to load arbitrary URL
The class com.insecureshop.ProductListActivity
registers a receiver as shown below.
The code says the receiver named productDetailBroadCast
will trigger when the intent filter com.insecureshop.action.PRODUCT_DETAIL
is called.
registerReceiver(this.productDetailBroadCast, new android.content.IntentFilter("com.insecureshop.action.PRODUCT_DETAIL"));
The receiver com.insecureshop.broadcast.ProductDetailBroadCast
contains the following code.
The code takes an action, an extra and starts the activity.
public final class ProductDetailBroadCast extends android.content.BroadcastReceiver {
public void onReceive(android.content.Context context, android.content.Intent intent) {
android.content.Intent webViewIntent = new android.content.Intent("com.insecureshop.action.WEBVIEW");
webViewIntent.putExtra("url", "https://www.insecureshopapp.com/");
if (context != null) {
context.startActivity(webViewIntent);
}
}
}
Reference:
PreviousUse of Implicit intent to send a broadcast with sensitive dataNextInsecure Implementation of SetResult in exported Activity
Last updated
Was this helpful?