Basics of Android Architecture
- Intents is a form of interprocess communcication (IPC) used by Android
- Explicit Intent: Used to call a specific component from one activity inside the same application. Used for data transfer between activities in the same application.
- Example:
Intent intent = new Intent(getApplicationContext(), SecondActivity.class); startActivity(Intent);
- Example:
- Implicit Intent: Does not specify the Android component to be called, but only the action to be performed
- Example: How Gmail communicates with Firefox via Activities
- Example:
Intent intent = new Intent(ACTION_VIEW, Uri.parse("https://www.google.com"));
- Explicit Intent: Used to call a specific component from one activity inside the same application. Used for data transfer between activities in the same application.
- Content Providers are used as a central repository in which data of the application is stored. Also facilitates how other applications can access android sandboxes.
- Content Providers are defined as content:// then includes the authority of the provider which is the providers symbolic name
content://com.adobe.reader/files/test.pdf
Exploitation of Android Memory Corruption
- https://blog.oversecured.com/Exploiting-memory-corruption-vulnerabilities-on-Android/
Exploitation of Android Content Providers
- https://blog.oversecured.com/Gaining-access-to-arbitrary-Content-Providers/
Insecure SetResult Implementation
https://erev0s.com/blog/exploiting-content-providers-through-an-insecure-setresult-implementation/