CWE-926: Improper Export of Android Application Components
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.
常见后果
影响范围: Availability Integrity
技术影响: Unexpected State DoS: Crash, Exit, or Restart DoS: Instability Varies by Context
说明: Other applications, possibly untrusted, can launch the Activity.
影响范围: Availability Integrity
技术影响: Unexpected State Gain Privileges or Assume Identity DoS: Crash, Exit, or Restart DoS: Instability Varies by Context
说明: Other applications, possibly untrusted, can bind to the Service.
影响范围: Confidentiality Integrity
技术影响: Read Application Data Modify Application Data
说明: Other applications, possibly untrusted, can read or modify the data that is offered by the Content Provider.
潜在缓解措施
阶段: Build and Compilation
策略: Attack Surface Reduction
描述: If they do not need to be shared by other applications, explicitly mark components with android:exported="false" in the application manifest.
阶段: Build and Compilation
策略: Attack Surface Reduction
描述: If you only intend to use exported components between related apps under your control, use android:protectionLevel="signature" in the xml manifest to restrict access to applications signed by you.
阶段: Build and Compilation Architecture and Design
策略: Attack Surface Reduction
描述: Limit Content Provider permissions (read/write) as appropriate.
阶段: Build and Compilation Architecture and Design
策略: Separation of Privilege
描述: Limit Content Provider permissions (read/write) as appropriate.
检测方法
方法: Automated Static Analysis
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
有效性: High
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | - |