CWE-926β€”Improper Export of Android Application Components

PUBLISHEDweakness record
released 2013-07-17 Β· last modified 2025-12-11

Metadata

CWE ID:
CWE-926
Abstraction:
Variant
Structure:
Simple
Status:
Incomplete
Release Date:
2013-07-17
Latest Modification Date:
2025-12-11

Weakness Name

Improper Export of Android Application Components

Description

The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.

The attacks and consequences of improperly exporting a component may depend on the exported component:

Common Consequences

Scope:
Availability, Integrity
Impact:
Unexpected State, DoS: Crash, Exit, or Restart, DoS: Instability, Varies by Context
Notes:
Other applications, possibly untrusted, can launch the Activity.
Scope:
Availability, Integrity
Impact:
Unexpected State, Gain Privileges or Assume Identity, DoS: Crash, Exit, or Restart, DoS: Instability, Varies by Context
Notes:
Other applications, possibly untrusted, can bind to the Service.
Scope:
Confidentiality, Integrity
Impact:
Read Application Data, Modify Application Data
Notes:
Other applications, possibly untrusted, can read or modify the data that is offered by the Content Provider.

Related Weaknesses