bagipro

Hey @iBotPeaches Almost all of the attributes should be declared in `android:` namespace like so ```xml ```

@iBotPeaches Nope, it's a kind of obfuscation that truncates namespace values

@anantshri Just check the articles’ contents! It contains so many techniques that are missing on OWASP

@sushi2k Thanks for your feedback. I've made changes. Regarding the techniques: 1. OWASP docs don't say anything about intent redirection bugs (https://blog.oversecured.com/Android-Access-to-app-protected-components/) and gaining access to content providers with `android:grantUriPermissions="true"`...

@sushi2k Also, look for https://www.blackhat.com/eu-21/briefings/schedule/index.html#re-route-your-intent-for-privilege-escalation-an-universal-way-to-exploit-android-pendingintents-in-high-profile-and-system-apps-24340. They will report a new vector on how to get access to providers via PendingIntents (a lot of apps are vulnerable to that right now!)

@skylot Yeah, I actually completely forgot about this report :) I tried to look on jadx-gui. But some reason when I open some tabs, a new server socket thread is...

@skylot Oh, looks like it was enabled. Let me try using jadx-gui for a few days and I will close the issue. Thanks!

Yeah, it solves the problem (again). Sorry!

And similar thing in ``` de.number26.machete.android.deeplink.DeepLinkUtils ```. By some reason the most code is placed to ``` catch ``` block, but it definitely shouldn't be over there: ```java /* renamed...

@skylot The second issue is fixed by the latest commit. The first one is still reproducible