Authorization / Broadcast Receiver Dynamic Registration

Mobile App / Android

Description

Broadcast receiver dynamic registration is an authorization weakness in Android applications. It occurs when an application registers a broadcast receiver at runtime and does not properly restrict its intent filter or control who may send intents that match it (CWE-284, Improper Access Control). An attacker can then send a malicious intent to the receiver, which can ultimately cause unintended and dangerous operations to be executed (OWASP Testing Guide).

Risk

The risk of broadcast receiver dynamic registration is that an attacker can deliver malicious intents to the application, leading to compromised user data and other unintended operations being executed. This can ultimately result in a data breach and other malicious operations that cause serious harm to the user, the application, and the device.

Solution

The solution to this vulnerability is to ensure that the application restricts which senders can reach the dynamically registered receiver and validates every intent it handles, so that only trusted intents are acted upon. Additionally, a secure code review can help identify any remaining weaknesses in the application and help mitigate the vulnerability.

Example

The following code is an example of a broadcast receiver dynamic registration vulnerability taken from CVE-2017-17402.

import android.content.Intent;
import android.content.IntentFilter;
// Vulnerable: common system action, no sender permission or export restriction
IntentFilter filter = new IntentFilter();
filter.addAction(Intent.ACTION_VIEW);
filter.addDataScheme("http");                  // IntentFilter has no setData()
filter.addDataAuthority("example.com", null);
registerReceiver(mReceiver, filter);

In this example, the application registers a broadcast receiver whose intent filter matches a generic system action and whose registration places no restriction on the sender or on the contents of the intent, so an attacker can send a malicious intent to the application.
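The following is an added example of the hardened form described under Solution; it is not code from the page or from the cited CVE. It registers the receiver so that it is not reachable from other apps (the RECEIVER_NOT_EXPORTED flag on API 33 and later, a signature-level permission on older APIs) and validates the action and payload before acting. The action string, permission name and extra key are constructed placeholders, and the permission is assumed to be declared in the app's manifest with protectionLevel="signature".

```java
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.os.Build;

// Added example (not from the page or the cited CVE): a receiver whose
// registration is restricted to this app and whose onReceive validates
// the intent before acting on it. Action, permission and extra names
// below are constructed placeholders.
public class SyncDoneReceiver extends BroadcastReceiver {
    static final String ACTION_SYNC_DONE = "com.example.app.action.SYNC_DONE";
    static final String EXTRA_RECORD_COUNT = "record_count";
    // Signature-level permission assumed to be declared in this app's manifest
    static final String PERMISSION_INTERNAL = "com.example.app.permission.INTERNAL";

    @Override
    public void onReceive(Context context, Intent intent) {
        // Only act on the exact action we registered for
        if (intent == null || !ACTION_SYNC_DONE.equals(intent.getAction())) {
            return;
        }
        // Validate the payload: reject missing or out-of-range values
        int count = intent.getIntExtra(EXTRA_RECORD_COUNT, -1);
        if (count < 0 || count > 100_000) {
            return;
        }
        handleSyncDone(count);
    }

    void handleSyncDone(int recordCount) {
        // Application logic for a validated broadcast goes here
    }

    // Register so that only this app (or a same-signature app holding the
    // permission) can deliver matching broadcasts.
    static void register(Context context, SyncDoneReceiver receiver) {
        IntentFilter filter = new IntentFilter(ACTION_SYNC_DONE);
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
            // API 33+: the flag makes the receiver unreachable from other apps
            context.registerReceiver(receiver, filter, Context.RECEIVER_NOT_EXPORTED);
        } else {
            // Older APIs: require senders to hold our signature permission
            context.registerReceiver(receiver, filter, PERMISSION_INTERNAL, null);
        }
    }

    // Pair every registration with an unregistration (e.g. in onPause/onDestroy)
    static void unregister(Context context, SyncDoneReceiver receiver) {
        context.unregisterReceiver(receiver);
    }
}
```

Two design choices are worth noting. First, the filter names an app-specific action rather than a system action such as ACTION_VIEW, so the receiver is not matched by broadcasts the app never intended to handle. Second, apps targeting Android 14 or later must pass RECEIVER_EXPORTED or RECEIVER_NOT_EXPORTED when context-registering a receiver for a non-system action, so the explicit flag is both the secure default and a requirement on current platforms; the permission branch covers devices below API 33.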
