6. Magic of Manifest - AndroidManifest.xml
1. Shows clearly which components are exported
2. Entry points to any component, by way of intent filters
3. Network configurations
4. Permission model & Custom permissions
10. Rule #3: Intent-filter actions
Chain with Rules #1 & 2 above and check for a permission check
● Considered as exported="true"
● Contains metadata for the component action
● Filters data type, host, URI path check
● Fails if exported="false"
21. Exported Provider - Plain Vanilla bug 😊
1. Access all C-R-U-D queries in the provider
2. Direct impact on application sqlite database
3. Check for all tables and dump the database
22. Attention - Interesting Fact - Platform Feature/BUG
1. Providers without the exported attribute are open by default in API < 16
2. Apps compiled using SDK <= 16 without the exported attribute are open on all API levels (even above API level 17)
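An added example (not from the original slides): a small audit of a decoded, text-form AndroidManifest.xml that applies the exported rules from Rule #3 and the provider default described above, and reports the permission attribute declared on each exposed component. The sample manifest and all component names are constructed; the legacy threshold follows the slide's "<= 16 SDK" rule, read here as minSdkVersion or targetSdkVersion.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample manifest (not from a real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.demo">
  <uses-sdk android:minSdkVersion="14" android:targetSdkVersion="16"/>
  <application>
    <activity android:name=".Main">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <activity android:name=".Hidden" android:exported="false">
      <intent-filter><action android:name="com.example.demo.OPEN"/></intent-filter>
    </activity>
    <service android:name=".Sync"/>
    <receiver android:name=".Push" android:exported="true"
              android:permission="com.example.demo.PUSH"/>
    <provider android:name=".Notes" android:authorities="com.example.demo.notes"/>
  </application>
</manifest>"""

def audit(manifest_xml):
    """Return {component name: (why it is exported, declared permission or None)}."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    attrs = sdk.attrib if sdk is not None else {}
    levels = [int(attrs[ANDROID + k]) for k in ("minSdkVersion", "targetSdkVersion")
              if ANDROID + k in attrs]
    legacy = bool(levels) and min(levels) <= 16    # providers default to exported
    findings = {}
    for comp in (e for e in root.iter() if e.tag in COMPONENTS):
        exported = comp.get(ANDROID + "exported")
        if exported == "true":
            reason = "explicit exported=true"
        elif exported == "false":
            continue                               # an intent-filter does not override this
        elif comp.find("intent-filter") is not None:
            reason = "intent-filter implies exported"
        elif comp.tag == "provider" and legacy:
            reason = "provider default with SDK <= 16"
        else:
            continue
        # Only the component's own attributes are checked, not <application>'s.
        perm = comp.get(ANDROID + "permission") or comp.get(ANDROID + "readPermission")
        findings[comp.get(ANDROID + "name")] = (reason, perm)
    return findings
```

Components reported with a permission of None are the ones to review first; a declared permission still needs its protection level checked.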
25. Before submitting a bug
1. Does the provider return no data even though the component is exported?
2. What type of data? (PII / public data / SD card data)
3. Are internal app-space files exposed?
4. Is the provider behind a cryptographic function? (Not an issue)
5. Signature permission checks and UID check
6. No physical-device-access or rooted-device cases are accepted