If the package manager is written correctly, no, but of course, it
depends on the app in question, there could be other channels through
which you could observe the information having traveled (for example,
if the intent writes to a public SD card directory or something like
that).. In general: no.
On Tue, Oct 23, 2012 at 7:59 PM, Subbu Srinivasan <ssriniva...@gmail.com> wrote:
> We know that we can invoke an app using intents from another app, this can
> be intercepted if not done properly.
> Now question is- Can the results sent by the target intent intercepted by
> someone else?
> Thanks
> Subbu
> --
> You received this message because you are subscribed to the Google Groups
> "Android Security Discussions" group.
> To post to this group, send email to
> android-security-discuss@googlegroups.com.
> To unsubscribe from this group, send email to
> android-security-discuss+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/android-security-discuss?hl=en.
> If the package manager is written correctly, no, but of course, it > depends on the app in question, there could be other channels through > which you could observe the information having traveled (for example, > if the intent writes to a public SD card directory or something like > that).. In general: no.
> kris
> On Tue, Oct 23, 2012 at 7:59 PM, Subbu Srinivasan <ssrin...@gmail.com<javascript:>> > wrote: > > We know that we can invoke an app using intents from another app, this > can > > be intercepted if not done properly.
> > Now question is- Can the results sent by the target intent intercepted > by > > someone else?
> > Thanks > > Subbu
> > -- > > You received this message because you are subscribed to the Google > Groups > > "Android Security Discussions" group. > > To post to this group, send email to > > android-secu...@googlegroups.com <javascript:>. > > To unsubscribe from this group, send email to > > android-security-discuss+unsubscribe@googlegroups.com <javascript:>. > > For more options, visit this group at > > http://groups.google.com/group/android-security-discuss?hl=en.
You shouldn't be able to, if you're running on vanilla firmware. If
you could intercept information from other apps, I'd see this as a
huge hole in the Android platform.
On Wed, Oct 24, 2012 at 9:03 PM, lyrik Huang <hust...@gmail.com> wrote:
> So can you tell us more details about how to intercept a information that
> travels in the system?
>> If the package manager is written correctly, no, but of course, it
>> depends on the app in question, there could be other channels through
>> which you could observe the information having traveled (for example,
>> if the intent writes to a public SD card directory or something like
>> that).. In general: no.
>> kris
>> On Tue, Oct 23, 2012 at 7:59 PM, Subbu Srinivasan <ssrin...@gmail.com>
>> wrote:
>> > We know that we can invoke an app using intents from another app, this
>> > can
>> > be intercepted if not done properly.
>> > Now question is- Can the results sent by the target intent intercepted
>> > by
>> > someone else?
>> > Thanks
>> > Subbu
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups
>> > "Android Security Discussions" group.
>> > To post to this group, send email to
>> > android-secu...@googlegroups.com.
>> > To unsubscribe from this group, send email to
>> > android-security-discuss+unsubscribe@googlegroups.com.
>> > For more options, visit this group at
>> > http://groups.google.com/group/android-security-discuss?hl=en.
> To post to this group, send email to
> android-security-discuss@googlegroups.com.
> To unsubscribe from this group, send email to
> android-security-discuss+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/android-security-discuss?hl=en.
thanks, I asked this question just because I want to know whether a hacker can create an application to collect the data travelling in and out of some specific applications.
I know what you maen now, so it is impossible to intercept another application's information unless the target appliaction is designed to be vulnerable.
For example, suppose that someone has created an application B and got a permission defined in application A,
let's say it's a broadcast receiver permission with which can receive information broadcasted by application A, and if the permission is not in a signature level, any application could be authorized with this permission.
so, by this way ,maybe application B could receive information which is not supposed to be sent to it.
> You shouldn't be able to, if you're running on vanilla firmware. If > you could intercept information from other apps, I'd see this as a > huge hole in the Android platform.
> Why would you want to do this?
> kris
> On Wed, Oct 24, 2012 at 9:03 PM, lyrik Huang <hus...@gmail.com<javascript:>> > wrote: > > So can you tell us more details about how to intercept a information > that > > travels in the system?
> >> If the package manager is written correctly, no, but of course, it > >> depends on the app in question, there could be other channels through > >> which you could observe the information having traveled (for example, > >> if the intent writes to a public SD card directory or something like > >> that).. In general: no.
> >> kris
> >> On Tue, Oct 23, 2012 at 7:59 PM, Subbu Srinivasan <ssrin...@gmail.com> > >> wrote: > >> > We know that we can invoke an app using intents from another app, > this > >> > can > >> > be intercepted if not done properly.
> >> > Now question is- Can the results sent by the target intent > intercepted > >> > by > >> > someone else?
> >> > Thanks > >> > Subbu
> >> > -- > >> > You received this message because you are subscribed to the Google > >> > Groups > >> > "Android Security Discussions" group. > >> > To post to this group, send email to > >> > android-secu...@googlegroups.com. > >> > To unsubscribe from this group, send email to > >> > android-security-discuss+unsubscribe@googlegroups.com <javascript:>. > >> > For more options, visit this group at > >> > http://groups.google.com/group/android-security-discuss?hl=en.
> > To post to this group, send email to > > android-secu...@googlegroups.com <javascript:>. > > To unsubscribe from this group, send email to > > android-security-discuss+unsubscribe@googlegroups.com <javascript:>. > > For more options, visit this group at > > http://groups.google.com/group/android-security-discuss?hl=en.
<krismicin...@gmail.com> wrote:
> Well, yes, if you write your intent policies in a bad way, have public
> facing broadcast intents, etc..., then of course.
> kris
> On Wed, Oct 24, 2012 at 9:24 PM, lyrik Huang <hust...@gmail.com> wrote:
>> thanks, I asked this question just because I want to know whether a hacker
>> can create an application to collect the data travelling in and out of some
>> specific applications.
>> I know what you maen now, so it is impossible to intercept another
>> application's information unless the target appliaction is designed to be
>> vulnerable.
>> For example, suppose that someone has created an application B and got a
>> permission defined in application A,
>> let's say it's a broadcast receiver permission with which can receive
>> information broadcasted by application A,
>> and if the permission is not in a signature level, any application could be
>> authorized with this permission.
>> so, by this way ,maybe application B could receive information which is not
>> supposed to be sent to it.
>>> You shouldn't be able to, if you're running on vanilla firmware. If
>>> you could intercept information from other apps, I'd see this as a
>>> huge hole in the Android platform.
>>> Why would you want to do this?
>>> kris
>>> On Wed, Oct 24, 2012 at 9:03 PM, lyrik Huang <hus...@gmail.com> wrote:
>>> > So can you tell us more details about how to intercept a information
>>> > that
>>> > travels in the system?
>>> >> If the package manager is written correctly, no, but of course, it
>>> >> depends on the app in question, there could be other channels through
>>> >> which you could observe the information having traveled (for example,
>>> >> if the intent writes to a public SD card directory or something like
>>> >> that).. In general: no.
>>> >> kris
>>> >> On Tue, Oct 23, 2012 at 7:59 PM, Subbu Srinivasan <ssrin...@gmail.com>
>>> >> wrote:
>>> >> > We know that we can invoke an app using intents from another app,
>>> >> > this
>>> >> > can
>>> >> > be intercepted if not done properly.
>>> >> > Now question is- Can the results sent by the target intent
>>> >> > intercepted
>>> >> > by
>>> >> > someone else?
>>> >> > Thanks
>>> >> > Subbu
>>> >> > --
>>> >> > You received this message because you are subscribed to the Google
>>> >> > Groups
>>> >> > "Android Security Discussions" group.
>>> >> > To post to this group, send email to
>>> >> > android-secu...@googlegroups.com.
>>> >> > To unsubscribe from this group, send email to
>>> >> > android-security-discuss+unsubscribe@googlegroups.com.
>>> >> > For more options, visit this group at
>>> >> > http://groups.google.com/group/android-security-discuss?hl=en.
>>> > To post to this group, send email to
>>> > android-secu...@googlegroups.com.
>>> > To unsubscribe from this group, send email to
>>> > android-security-discuss+unsubscribe@googlegroups.com.
>>> > For more options, visit this group at
>>> > http://groups.google.com/group/android-security-discuss?hl=en.
>> To post to this group, send email to
>> android-security-discuss@googlegroups.com.
>> To unsubscribe from this group, send email to
>> android-security-discuss+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/android-security-discuss?hl=en.
