I am just playing with a certain scenario of inter-application communication, and trying to circumvent the problem that in Android the main activity of an application can't be secured by a custom permission (as in that case it can't be launched at all).

I tried to use two activities instead: 1) The main activity, which is not protected. 2) When a button is clicked, the main activity sends an explicit Intent to start the second activity. That one performs some sensitive work and is protected by a custom permission ("toy.test.permission.ACTIVATE_SECOND_ACTIVITY").

The idea being that if the main activity is either started by the user from the launcher or by a foreign malicious application using an explicit intent, we can warn the user before he pushes the button to proceed.

import android.app.Activity;
import android.content.Intent;
import android.os.Bundle;
import android.view.View;
import android.widget.Button;

public class MainActivity extends Activity {
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.main_activity);
        final Button start = (Button) findViewById(R.id.start);
        start.setOnClickListener(new View.OnClickListener() {
            public void onClick(View v) {
                // Explicit Intent to the permission-protected SecondActivity
                Intent activateIntent = new Intent(MainActivity.this,
                        SecondActivity.class);
                startActivity(activateIntent);
                finish();
            }
        });
        // ....
    }
}

The Manifest.xml file looks like that:

<application
    android:icon="@drawable/icon"
    android:label="@string/app_name"
    android:theme="@style/AppTheme" >
    <activity
        android:name=".MainActivity"
        android:label="@string/app_name"
        android:theme="@style/AppTheme" >
        <intent-filter>
            <action android:name="android.intent.action.MAIN" />
            <category android:name="android.intent.category.LAUNCHER" />
        </intent-filter>
    </activity>
    <activity
        android:name=".SecondActivity"
        android:label="@string/second_activity_name"
        android:theme="@style/AppTheme"
        android:permission="toy.test.permission.ACTIVATE_SECOND_ACTIVITY" >
        <intent-filter>
            <action android:name="toy.test.action.ACTIVATE_SECOND_ACTIVITY" />
            <category android:name="android.intent.category.DEFAULT" />
        </intent-filter>
    </activity>
</application>

In addition, the SecondActivity can be started from a friend application by either an implicit or an explicit Intent with actionString="toy.test.action.ACTIVATE_SECOND_ACTIVITY" using the permission "toy.test.permission.ACTIVATE_SECOND_ACTIVITY".

The friend application's declaration of the permission in its Manifest is like that:

<permission
    android:name="toy.test.permission.ACTIVATE_SECOND_ACTIVITY"
    android:description="@string/activate_activity_permission_description"
    android:label="@string/activate_activity_permission_label"
    android:permissionGroup="android.permission-group.PERSONAL_INFO"
    android:protectionLevel="signature" />

Now the difference between Android 2.3.3 and Android 4.2:
==========================================
On an Android 4.2 device or emulator, the SecondActivity can be started from the MainActivity by clicking the Start button without any problems, although the application does not ask explicitly for the permission "toy.test.permission.ACTIVATE_SECOND_ACTIVITY".

However, on an Android 2.3.3 emulator, the SecondActivity can't be started because of a SecurityException:

FATAL EXCEPTION: main
java.lang.SecurityException: Permission Denial: starting Intent { cmp=toy.test/.SecondActivity } from ProcessRecord{406827d0 405:toy.test/10034} (pid=405, uid=10034) requires toy.test.permission.ACTIVATE_SECOND_ACTIVITY

Question:
=========
I am confused: Was the permission enforcement changed between the two Android versions? And is it on purpose that Android 4.2 allows such situations, i.e. activation of the SecondActivity without permission? (Of course, that would be useful.)

Let me specify my question: If Android 4.2 now newly allows on purpose (as opposed to Android 2.3.3) to start the SecondActivity from the MainActivity, would this scenario allow to secure the SecondActivity against malicious attacks? I.e. the SecondActivity could only be started either directly from the MainActivity or from a friend application (implicit or explicit Intent) which asked for the signature permission, shown below. Is this correct or do I overlook something here?

Thanks a lot for any answers,
puffin137