Intent Redirection and App Security in Android 13

There have been a lot of security concerns over time over various Android resources, and as we continue moving towards the digital age, they will continue to keep arising. Android 13 comes in command by bringing certain checks into places that help to sustain and improve the overall security of the Android system, many changes introduced are by either permission or by other means. A new method to prevent security issues is by securing the intent redirects which place inside your Android App when it transitions between two activities, and then prevent cross intent redirects if they go wrong. In this article, we will be knowing how can we implement this intent-redirection, why is it needed, and how can it benefit you, so without further ado, let’s get straight into this.

How Android 13 Makes the App Safe using Intent Redirection?

In the context of a vulnerable app, intent redirection happens when an attacker has partial or complete influence over the contents of an intent used to launch a new component. There are various ways to provide the intent that will be used to create the new component, but the two that are most frequently used are marshaling the intent to a string and parsing it. An identical outcome can also be achieved by only controlling some parameters.

How brutal can the impact be?

The vulnerable app’s internal logic may be executed by an attacker, or it could provide access to secret elements such as undeclared ContentProvider objects. You may also see other code being injected within your application if by chance some of your intent remains exposed outside the intent redirection policy, you need to secure all the latch points.

How to drive your app away from unsecured endpoints?

Avoid exposing functionality for redirecting nested intents in general. Apply the following mitigation techniques when it’s unavoidable:

1. Sanitize the packed information as needed. It’s crucial to keep in mind to check or delete flags (GRANT_URI_PERMISSIONS) and to verify the location of intent redirects. This procedure can be aided with IntentSanitizer.
   Utilize items with PendingIntent. 
2. This makes the target action intent immutable and forbids the export of your component.

How to Resolve and implement intent redirection. You can use the Package Resolver by the following code to add intent safety and then redirect it using the safety flag, you can then add the app to the safe list. Once the package is marked safe, you can then move forward by doing the necessary changes.

Common Mistakes to Avoid

1. Examining the non-null value that getCallingActivity() returns. This function can receive a null value from malicious programs.
2. Assuming that checkCallingPermission() returns an integer in all circumstances or that it throws an exception when it should.
3. You can enable a debugging capability for apps that target Android 12 (API level 31) or higher, which may help you determine whether your app is launching an intent in an unsafe manner.
4. The app relies on internal material to function. For instance, the mail app may connect data from its own internal content provider rather than an external image after receiving a URI from an attacker.
5. The program serves as a proxy for the attacker, who uses it to access the data of another application. For example in a Geeks for Geeks article, when we happen to attach a file using the app, then an app X might look at the data when the GfG app starts to browse the information, which leads to a breach.

GeekTip: The system detects an unsafe intent launch when your program does both of the following, and a StrictMode violation results.

A provided intent’s extras are unparcelled by your app to reveal a nested intent. Using that nested intent, your app quickly launches an app component, such as by sending the intent to startActivity(), startService(), or bindService ()

Conclusion

Malicious apps may be able to access private app components or files thanks to intent redirection, but this has been put on a check in the newer versions of Android, this can be avoided in many ways, but now as there is an official method to do that, it’s easier than ever to implement the mechanism in your Android app, you may also need to take note about the various intents which happen inside your application and check if they are secure and safely latched.