
Insecure Register Receiver Flag

Description

The application calls the registerReceiver method with the flags argument set to RECEIVER_EXPORTED. This exposes the BroadcastReceiver to every other application on the device: any app can deliver broadcasts to it, potentially leading to unauthorized access and other security vulnerabilities.

context.registerReceiver(broadcastReceiver, intentFilter, RECEIVER_EXPORTED); // any app on the device can send broadcasts to broadcastReceiver

Recommendation

To mitigate the risks of exporting receivers in Android applications, export a receiver only when it is essential. When a receiver must be exported, protect it with the necessary permissions so that only authorized senders can reach it, which minimizes the potential for security vulnerabilities.

<receiver android:name=".MyReceiver" android:exported="true" android:permission="your_permission">
    <intent-filter>
        <action android:name="android.intent.action.ACTION1" />
        <action android:name="android.intent.action.ACTION2" />
    </intent-filter>
</receiver>
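The manifest snippet above covers receivers declared statically. The finding itself concerns receivers registered at runtime, so the following Java class is an added example (not code from the original page) showing the runtime equivalent of the recommendation for both the Description and Recommendation sections: registering with RECEIVER_NOT_EXPORTED by default, and, only when another package genuinely must reach the receiver, exporting it behind an app-defined signature permission. The package name, the action ACTION_SYNC_DONE, the permission com.example.app.permission.SYNC_EVENTS and the SyncDoneReceiver class are assumptions for illustration; the ContextCompat.registerReceiver overloads and the RECEIVER_EXPORTED / RECEIVER_NOT_EXPORTED constants are the real AndroidX (androidx.core 1.9.0+) API.

```java
package com.example.app; // hypothetical package name, not from the page

import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import androidx.annotation.NonNull;
import androidx.core.content.ContextCompat;

/**
 * Registers runtime BroadcastReceivers so that other applications cannot
 * deliver broadcasts to them unless the app explicitly opts in AND the
 * sender holds an app-defined permission.
 */
public final class ReceiverRegistration {

    /** App-private action (assumed name); only this app is expected to broadcast it. */
    public static final String ACTION_SYNC_DONE = "com.example.app.ACTION_SYNC_DONE";

    /**
     * App-defined permission (assumed name) with signature protection level.
     * It must be declared in AndroidManifest.xml, e.g.:
     *
     *   <permission android:name="com.example.app.permission.SYNC_EVENTS"
     *               android:protectionLevel="signature" />
     *   <uses-permission android:name="com.example.app.permission.SYNC_EVENTS" />
     */
    public static final String PERMISSION_SYNC = "com.example.app.permission.SYNC_EVENTS";

    private ReceiverRegistration() {}

    /**
     * Hardened default: the receiver is reachable only from this app itself,
     * so no other package can trigger it.
     */
    public static void registerPrivateReceiver(@NonNull Context context,
                                               @NonNull BroadcastReceiver receiver) {
        IntentFilter filter = new IntentFilter(ACTION_SYNC_DONE);
        // ContextCompat passes RECEIVER_NOT_EXPORTED on API 33+ and handles
        // older releases (which lack the flag) with an app-private permission.
        ContextCompat.registerReceiver(context, receiver, filter,
                ContextCompat.RECEIVER_NOT_EXPORTED);
    }

    /**
     * Only when another package genuinely must reach this receiver: export it,
     * but require the sender to hold PERMISSION_SYNC. Because that permission
     * is signature-level, only apps signed with the same key can send.
     */
    public static void registerProtectedExportedReceiver(@NonNull Context context,
                                                         @NonNull BroadcastReceiver receiver) {
        IntentFilter filter = new IntentFilter(ACTION_SYNC_DONE);
        ContextCompat.registerReceiver(context, receiver, filter,
                PERMISSION_SYNC,                   // broadcastPermission the sender must hold
                null,                              // scheduler: deliver on the main thread
                ContextCompat.RECEIVER_EXPORTED);
    }

    /**
     * Sending side for the private case: targeting the app's own package keeps
     * the broadcast from reaching receivers in other applications.
     */
    public static void sendPrivateBroadcast(@NonNull Context context) {
        Intent intent = new Intent(ACTION_SYNC_DONE).setPackage(context.getPackageName());
        context.sendBroadcast(intent);
    }

    /** Example receiver (assumed); it still checks the action because intents are untrusted input. */
    public static final class SyncDoneReceiver extends BroadcastReceiver {
        @Override
        public void onReceive(Context context, Intent intent) {
            if (intent == null || !ACTION_SYNC_DONE.equals(intent.getAction())) {
                return; // ignore anything that is not the expected action
            }
            // handle the sync-complete event here
        }
    }
}
```

Use registerPrivateReceiver for any receiver that only your own components broadcast to; reserve registerProtectedExportedReceiver for receivers that a cooperating, same-signature package must reach, and keep the permission's protectionLevel at signature so that third-party apps cannot simply request it.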

Standards

  • OWASP_MASVS_L1:
    • MSTG_PLATFORM_4
  • OWASP_MASVS_L2:
    • MSTG_PLATFORM_4
  • GDPR:
    • ART_32
  • PCI_STANDARDS:
    • REQ_2_2
    • REQ_6_2
    • REQ_6_3
    • REQ_11_3