Intents
📌What is an intent?
In Android, Intents are a fundamental component for communication between different components within an application or across different applications.
They work with 3 of the 4 main application components: Activities, BroadcastReceivers, and Services.
📌Intent types
Intents can be categorized into two main types: explicit and implicit.
Explicit Intent: Specifies the target component (the destination), meaning we know exactly which application component will receive the intent.
Implicit Intent: Does not specify a target component directly. Instead, it declares a general action to perform, allowing the system to find the appropriate component(s) that can handle the intent based on the action and data provided.
Let's explore the differences between these two types in more detail:
📍Explicit Intents
Target Component Specified:
Explicit intents explicitly define the target component (activity, service, or broadcast receiver) that should handle the intent. This is achieved by specifying the target component's class name or its fully qualified package name.
Internal to the Application:
Typically used for communication within the same application. For example, starting a specific activity within the same app.
Example Code:
Intent explicitIntent = new Intent(CurrentActivity.this, TargetActivity.class); startActivity(explicitIntent); //Intent(CurrentActivity.this, TargetActivity.class) here we specified the source and destinationAdvantages:
Compile-time verification: The existence and correctness of the target component are checked at compile time.
More secure
Explicitly defines the flow within the app like moving between the activities in this picture.
Example
📍Implicit Intents
No Specific Component Specified:
Implicit intents do not explicitly specify the target component. Instead, they define an action to be performed and may include data or additional information.
Dynamic Component Resolution:
The Android system dynamically resolves the target component based on the intent's action, category, and data. Multiple components may respond to the same implicit intent.
Example Code:
Intent implicitIntent = new Intent(Intent.ACTION_VIEW, Uri.parse("http://www.example.com")); startActivity(implicitIntent);Advantages:
Flexibility: Allows components from different applications to respond to the same intent, promoting app interoperability.
Decoupling: Components can be replaced or extended without affecting the sending component.
📍Comparison
Use Case:
Use explicit intents when you know the target component at compile time and want to communicate within the same application.
Use implicit intents when you want the system to determine the appropriate component dynamically or when you want to interact with components from other applications.
Security:
Explicit intents are generally considered more secure because they explicitly specify the target component, reducing the risk of unintended component handling.
Implicit intents can potentially be intercepted by malicious apps, so they require careful handling of user inputs and proper validation.
📌Intent filter structure
In Android, the <intent-filter> tag is used in the application manifest file (AndroidManifest.xml) to declare the types of intents that a particular component, such as an activity, service, or broadcast receiver, can handle.
<intent-filter>: This tag encapsulates the specific filters for the intents that the activity can handle.<action>: Specifies the action that the activity can handle.<category>: Specifies a category for the intent.<data>: Specifies the data that the activity can handle or receive.
Consider an example where you want to declare an activity that can handle implicit intents for viewing a specific type of content, such as a web page. The
<intent-filter>tag specifies the types of actions and data the activity can handle.<activity android:name=".ViewWebPageActivity"> <intent-filter> <action android:name="android.intent.action.VIEW" /> <category android:name="android.intent.category.DEFAULT" /> <data android:scheme="http" /> <data android:scheme="https" /> </intent-filter> </activity>Implicit Intents and
CATEGORY_DEFAULT:To receive implicit intents, include the
CATEGORY_DEFAULTcategory in the intent filter.startActivity()andstartActivityForResult()treat all intents as if they haveCATEGORY_DEFAULT.Failure to declare this category results in no resolution for implicit intents.
For more details
📌Hands-on intents
How do we start an activity explicitly?
To start an activity explicitly, you specify the exact package and activity name:
am start -n <package_name>/<activity_name> # ---------------Example---------------- am start -n com.example.app/com.example.app.MainActivity
How to start an activity implicitly?
To start an activity implicitly, you specify an intent action, category, and optional extras such as data:
am start -a <action> -c <category> --es <key> <value> # ---------------Example---------------- am start -a android.intent.action.VIEW -c android.intent.category.DEFAULT --es "url" "https://example.com"
📌Hacking Intents
Testing
Review
AndroidManifest.xmlfor exported components withintent-filters.Check for
android:exported="true".Look for
<intent-filter>entries specifyingactionorcategory.
Search for intent-handling code using
Intent intent = getIntent().Verify whether the component validates the received intent's data or extras.
Example AndroidManifest.xml:
<activity android:name=".ChangePin" android:exported="true"> <intent-filter> <action android:name="com.apphacking.changePin" /> <category android:name="android.intent.category.DEFAULT" /> </intent-filter> </activity>Example Vulnerable Code:
public void changeSettings(View view) { Intent intent = new Intent(this, ChangePin.class); intent.putExtra("username", username); startActivity(intent); }
Exploit
Crafting Intents in Java
codeIntent intent = new Intent(); intent.setAction("com.apphacking.changePin"); intent.putExtra("username", "user"); context.startActivity(intent);
Last updated