CWE-926 - Improper Export of Android Application Components
- Abstraction:Variant
- Structure:Simple
- Status:Incomplete
- Release Date:2013-07-17
- Latest Modification Date:2023-06-29
Weakness Name
Improper Export of Android Application Components
Description
The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.
The attacks and consequences of improperly exporting a component may depend on the exported component:
Common Consequences
Scope: Availability, Integrity
Impact: Unexpected State, DoS: Crash, Exit, or Restart, DoS: Instability, Varies by Context
Notes: Other applications, possibly untrusted, can launch the Activity.
Scope: Availability, Integrity
Impact: Unexpected State, Gain Privileges or Assume Identity, DoS: Crash, Exit, or Restart, DoS: Instability, Varies by Context
Notes: Other applications, possibly untrusted, can bind to the Service.
Scope: Confidentiality, Integrity
Impact: Read Application Data, Modify Application Data
Notes: Other applications, possibly untrusted, can read or modify the data that is offered by the Content Provider.