React Queries React Queries

MobSF Broadcast Receiver Issue

Started 2 months ago by Dhanasekar in React Native

1 replies 263 views
Dhanasekar replied 2 months ago

Permission: com.google.android.c2dm.permission.SEND [android:exported=true] A Broadcast Receiver is found to be shared with other apps on the device t...

Body

Permission: com.google.android.c2dm.permission.SEND [android:exported=true]

A Broadcast Receiver is found to be shared with other apps on the device therefore
leaving it accessible to any other application on the device. 
It is protected by a permission which is not defined in the analysed application. 
As a result, the protection level of the permission should be checked where it is 
defined. If it is set to normal or dangerous, a malicious application can request 
and obtain the permission and interact with the component. If it is set to signature, 
only applications signed with the same certificate can obtain the permission.
Tags: mobsf, security issue in react native, broadcast receiver issue, security, react native

1 Replies

  • Dhanasekar
    Dhanasekar

    Replied 2 months ago

    Report

    Just add this code in AndroidManifest.xml

    <permission

            android:name="com.google.android.c2dm.permission.SEND"

            android:protectionLevel="signature" />



    <receiver

        android:name=".YourSecondBroadcastReceiver"

        android:permission="com.google.android.c2dm.permission.SEND">

        <!-- Intent filters and other configurations -->

    </receiver>

Your experience on this site will be improved by allowing cookies.