owasp-mastg icon indicating copy to clipboard operation
owasp-mastg copied to clipboard

Published 20 hours ago verified publisher icon OWASP

Issue #2052 - Implicit Intent Injection

Open LukasMarckmiller opened this issue 3 years ago • 2 comments

This PR is related to #2052 and covers the implicit intent part but the part about broadcast receiver changes in Android Oreo, mentioned in the closed issue #941 is still open.

LukasMarckmiller avatar Feb 03 '22 22:02 LukasMarckmiller

@cpholguera

unfortunately this feature does not fix the problem since the receiving app is the malicious part anyway. The core problem is not the hijacking of the intent but the improper handling of its return value.

LukasMarckmiller avatar May 24 '22 11:05 LukasMarckmiller

Just a comment for now. Sorry about the long wait @LukasMarckmiller, we are working on the MASVS refactoring for a couple of months already and that's getting all of our time. Thanks for your PR and for your patience!

No problem! Im happy to contribute to the project so i can give something back to you guys! 😄

LukasMarckmiller avatar May 24 '22 11:05 LukasMarckmiller