Variant · Incomplete

CWE-927: Use of Implicit Intent for Sensitive Communication

Category: data-exposure

Description

The Android application uses an implicit intent for transmitting sensitive data to other applications.

Common consequences · 2

  • Confidentiality — Read Application Data
    Other applications, possibly untrusted, can read the data that is offered through the Intent.
  • Integrity — Varies by Context
    The application may handle responses from untrusted applications on the device, which could cause it to perform unexpected or unauthorized actions.

Potential mitigations · 1

  • [Implementation] If the application only requires communication with its own components, then the destination is always known, and an explicit intent could be used.
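The mitigation above, shown as an added example that is not part of the CWE entry: an implicit broadcast carrying a token beside its explicit form, plus a guard that rejects intents not bound to the app's own package. The class names, action string and extra key are hypothetical, and the receiver is assumed to be declared in the manifest with `android:exported="false"`.

```java
import android.content.BroadcastReceiver;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;

/** Hypothetical helper; every name, action and extra key here is an assumption for illustration. */
public final class SessionNotifier {
    static final String ACTION_SESSION_READY = "com.example.app.action.SESSION_READY";
    static final String EXTRA_TOKEN = "com.example.app.extra.TOKEN";

    // Weak (CWE-927): no component or package is named, so the system delivers the
    // token to every app that has registered a receiver for this action.
    static void notifyImplicit(Context ctx, String token) {
        Intent i = new Intent(ACTION_SESSION_READY);
        i.putExtra(EXTRA_TOKEN, token);
        ctx.sendBroadcast(i);
    }

    // Hardened: the intent names the app's own receiver class, so the destination is fixed.
    static void notifyExplicit(Context ctx, String token) {
        Intent i = new Intent(ctx, SessionReceiver.class);
        i.setAction(ACTION_SESSION_READY);
        i.putExtra(EXTRA_TOKEN, token);
        ctx.sendBroadcast(requireOwnComponent(ctx, i));
    }

    // Guard for call sites that build intents elsewhere: refuse to send unless the
    // intent is explicit and targets a component inside this application's package.
    static Intent requireOwnComponent(Context ctx, Intent i) {
        ComponentName target = i.getComponent();
        if (target == null || !ctx.getPackageName().equals(target.getPackageName())) {
            throw new SecurityException("sensitive intent must be explicit and in-app");
        }
        return i;
    }

    // Assumed manifest entry: <receiver android:name=".SessionNotifier$SessionReceiver"
    // android:exported="false" />, so other apps cannot send intents to this receiver.
    public static class SessionReceiver extends BroadcastReceiver {
        @Override
        public void onReceive(Context ctx, Intent intent) {
            if (!ACTION_SESSION_READY.equals(intent.getAction())) {
                return; // ignore anything that is not the expected action
            }
            String token = intent.getStringExtra(EXTRA_TOKEN);
            // ... hand the token to the in-app session store (omitted) ...
        }
    }
}
```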

References

  1. https://cwe.mitre.org/data/definitions/927.html

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Improper Verification of Intent by Broadcast Receiver
  • CWE: Improper Export of Android Application Components
  • CWE: Exposure of Sensitive Information to an Unauthorized Actor
  • CWE: Exposure of Sensitive Information Due to Incompatible Policies
  • CWE: Insufficiently Protected Credentials
  • CWE: Exposure of Private Personal Information to an Unauthorized Actor

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.