[ANSWERED] android – How to restrict launching activities from command line

Posted on

Solution 1 :

Activities serve as the presentation layer for the app.Their security and permissions are pretty straightforward and just consists of who can start the Activity. To require a certain permission to start an Activity, you need to add the permission attribute to the specific Activity’s entry in AndroidManifest.xml.
For example, If you have an HomeActivity, and to start this activity you need permission of LoginActivity ,then your Manifest file will look like this:

<manifest xmlns_android="http://schemas.android.com/apk/res/android" 
package="com.example.appname">

  <permission android_name="com.example.appname.permission.LoginActivity" android_protectionLevel="signature" />

  <application>
    <activity 
    android_name=".ui.homecreen.HomeActivity"
    android_exported="false" 
    android_permission="com.example.appname.permission.LoginActivity" />
  </application>
</manifest>

From the above example you can see that, if you want to Launch Homeactivity from command line using adb, then it will give error saying it is protected and needs permission. But if the hacker any how launches LoginActivity and then tries launching HomeActivity, then he will be granted access because the he has access to LoginActivity.

To tackle this problem i used the following code:

 <manifest xmlns_android="http://schemas.android.com/apk/res/android" 
package="com.example.appname">

  <permission android_name="com.example.appname.permission.HomeActivity" android_protectionLevel="signature" />

  <application>
    <activity 
    android_name=".ui.homecreen.HomeActivity"
    android_exported="false" 
    android_permission="com.example.appname.permission.HomeActivity" />
  </application>
</manifest>

You can see that, i have given the activity, its own permission. So now this activity will not accessed by any Third Party application like command line. And the Hacker won’t be able to break in your activities.

Problem :

Currently i have added android:exported="false" in the application manifest file to restrict access to exported activities. Using this solution i have tested on Device(Android 8) and android studio emulator(Android 10) and tried launching activity using adb shell am start -n from command line. This solution worked fine and was giving permission denied error, this solution only failed when i runned the app on emulator(Android 5.1.1)

READ  [ANSWERED] java - How can i create dots loading view like as google loader?

The problem : I took the same apk and tested on genymotion emulator(Android 9) and tried launching activity from command line. This time it didnt give any error and intent was launched to activity

please give solution in fixing this.

Currently I’m reading this Improper Export of Android Application Components