最近看到一篇文献中讲到关于BroadcastReceiver的安全问题,不太明白
“ However, if a Broadcast Receiver registers to receive a system broadcast, the component becomes publicly accessible. In this case, a malicious application can send an Intent explicitly addressed to the target Receiver, without containing the system action string. If the Receiver does not check the Intent’s action, then the Receiver will be tricked into performing functionality that only the system should
be able to trigger.”如何通过显示的Intent发送广播,看过很多反编译的代码,查了相关资料也没找到这种做法,一般receiver在接收广播时都要action匹配啊,不然要怎么接收呢?请各位走过路过的大神指点一下,谢谢!Androidbroadcastreceiver安全
“ However, if a Broadcast Receiver registers to receive a system broadcast, the component becomes publicly accessible. In this case, a malicious application can send an Intent explicitly addressed to the target Receiver, without containing the system action string. If the Receiver does not check the Intent’s action, then the Receiver will be tricked into performing functionality that only the system should
be able to trigger.”如何通过显示的Intent发送广播,看过很多反编译的代码,查了相关资料也没找到这种做法,一般receiver在接收广播时都要action匹配啊,不然要怎么接收呢?请各位走过路过的大神指点一下,谢谢!Androidbroadcastreceiver安全
不过,英文中后面半句似乎不好理解。