We had security discussions about the project, and the question was raised that transmitting unencrypted data through Intents could potentially be dangerous.
I wrote some examples and listed my findings below.
Implicit intentions - It is dangerous to send confidential data for implicit intentions, as someone else can use the same job filter that you have and intercept your data.
The explicit intent of the application is to send data securely through Intents. I wrote Intent Sniffer based on what Mark Murphy lists here, but was unable to intercept Int-application Intents. Using the New Task and One Task check boxes has not changed anything.
Explicit intentions for other applications - I was able to sniff intentions when I launched another application using the New Task flag.
Please let me know if all goes well, or if anyone else has alternative opinions. Is there any other scenario that I should test? Did I miss something?
source
share