sorry, forgot to reply all.. kris
On Wed, Oct 24, 2012 at 9:26 PM, Kristopher Micinski <[email protected]> wrote: > Well, yes, if you write your intent policies in a bad way, have public > facing broadcast intents, etc..., then of course. > > kris > > On Wed, Oct 24, 2012 at 9:24 PM, lyrik Huang <[email protected]> wrote: >> thanks, I asked this question just because I want to know whether a hacker >> can create an application to collect the data travelling in and out of some >> specific applications. >> I know what you maen now, so it is impossible to intercept another >> application's information unless the target appliaction is designed to be >> vulnerable. >> For example, suppose that someone has created an application B and got a >> permission defined in application A, >> let's say it's a broadcast receiver permission with which can receive >> information broadcasted by application A, >> and if the permission is not in a signature level, any application could be >> authorized with this permission. >> so, by this way ,maybe application B could receive information which is not >> supposed to be sent to it. >> >> 在 2012年10月25日星期四UTC+8上午9时06分43秒,Kristopher Micinski写道: >>> >>> You shouldn't be able to, if you're running on vanilla firmware. If >>> you could intercept information from other apps, I'd see this as a >>> huge hole in the Android platform. >>> >>> Why would you want to do this? >>> >>> kris >>> >>> On Wed, Oct 24, 2012 at 9:03 PM, lyrik Huang <[email protected]> wrote: >>> > So can you tell us more details about how to intercept a information >>> > that >>> > travels in the system? >>> > >>> > Regards. >>> > Lyrik. >>> > >>> > 在 2012年10月24日星期三UTC+8上午10时30分40秒,Kristopher Micinski写道: >>> >> >>> >> If the package manager is written correctly, no, but of course, it >>> >> depends on the app in question, there could be other channels through >>> >> which you could observe the information having traveled (for example, >>> >> if the intent writes to a public SD card directory or something like >>> >> that).. In general: no. >>> >> >>> >> kris >>> >> >>> >> On Tue, Oct 23, 2012 at 7:59 PM, Subbu Srinivasan <[email protected]> >>> >> wrote: >>> >> > We know that we can invoke an app using intents from another app, >>> >> > this >>> >> > can >>> >> > be intercepted if not done properly. >>> >> > >>> >> > Now question is- Can the results sent by the target intent >>> >> > intercepted >>> >> > by >>> >> > someone else? >>> >> > >>> >> > Thanks >>> >> > Subbu >>> >> > >>> >> > -- >>> >> > You received this message because you are subscribed to the Google >>> >> > Groups >>> >> > "Android Security Discussions" group. >>> >> > To post to this group, send email to >>> >> > [email protected]. >>> >> > To unsubscribe from this group, send email to >>> >> > [email protected]. >>> >> > For more options, visit this group at >>> >> > http://groups.google.com/group/android-security-discuss?hl=en. >>> > >>> > -- >>> > You received this message because you are subscribed to the Google >>> > Groups >>> > "Android Security Discussions" group. >>> > To view this discussion on the web visit >>> > https://groups.google.com/d/msg/android-security-discuss/-/ReXFPhEkkiEJ. >>> > >>> > To post to this group, send email to >>> > [email protected]. >>> > To unsubscribe from this group, send email to >>> > [email protected]. >>> > For more options, visit this group at >>> > http://groups.google.com/group/android-security-discuss?hl=en. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Android Security Discussions" group. >> To view this discussion on the web visit >> https://groups.google.com/d/msg/android-security-discuss/-/zaOUjgjm4JEJ. >> >> To post to this group, send email to >> [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/android-security-discuss?hl=en. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
