logo

CWE-926 - Improper Export of Android Application Components

CWE-926

  • Abstraction:
  • Variant
  • Structure:
  • Simple
  • Status:
  • Incomplete
Weakness Name

Improper Export of Android Application Components

Description

The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.

The attacks and consequences of improperly exporting a component may depend on the exported component:

Common Consequences

Scope: Availability, Integrity

Impact: Unexpected State, DoS: Crash, Exit, or Restart, DoS: Instability, Varies by Context

Notes: Other applications, possibly untrusted, can launch the Activity.

Scope: Availability, Integrity

Impact: Unexpected State, Gain Privileges or Assume Identity, DoS: Crash, Exit, or Restart, DoS: Instability, Varies by Context

Notes: Other applications, possibly untrusted, can bind to the Service.

Scope: Confidentiality, Integrity

Impact: Read Application Data, Modify Application Data

Notes: Other applications, possibly untrusted, can read or modify the data that is offered by the Content Provider.

Related Weaknesses
  • Release Date:
  • 2013-07-17
  • Latest Modification Date:
  • 2023-06-29

Free security scan for your website