# OASAM-UIR: Unauthorized Intent Receipt

This category covers all vulnerabilities related to the resolution of implicit Intent delivery. When an application sends an implicit Intent, there is no guarantee that a malicious application will not receive it, since a malicious application could register an Intent Filter capable of passing the resolution (action, data and category), unless the Intent requires a set of permissions that the malicious user does not have. If a malicious application is able to intercept implicit Intents, it could gain access to the execution dataflow and be able to perform denial-of-service or phishing attacks. This category considers how this type of vulnerability can be exposed on particular components: Broadcasts, Activities and Services.

The following controls are applied in this category:

OASAM-UIR-001: Broadcast Theft. Intent interception on Broadcast components.

OASAM-UIR-002: Activity Hijacking. Intent interception on Activity components.

OASAM-UIR-003: Service Hijacking. Intent interception on Service components.

OASAM-UIR-004: Weakness Special Intents. Pending Intent interception.
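
The delivery patterns this category reviews, as an added Java example that is not part of the OASAM text: an implicit broadcast that any matching Intent Filter can receive, next to restricted forms for Broadcast, Service and Pending Intent delivery. The package, class, action and permission names (`com.example.app…`) are hypothetical, and the permission is assumed to be declared with signature protection level in the sender's manifest.

```java
import android.app.PendingIntent;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;

/** Added illustration; every package, action and permission name is hypothetical. */
public final class IntentDelivery {
    private static final String ACTION_TOKEN = "com.example.app.action.TOKEN_READY";
    private static final String OWN_PERMISSION = "com.example.app.permission.RECEIVE_TOKEN";

    // Weak: implicit broadcast. Any installed app whose Intent Filter matches
    // the action passes resolution and receives the extras.
    static void sendTokenImplicit(Context ctx, String token) {
        Intent i = new Intent(ACTION_TOKEN).putExtra("token", token);
        ctx.sendBroadcast(i);
    }

    // Restricted: resolution is limited to the sender's own package, and the
    // receiver must also hold the permission passed to sendBroadcast().
    static void sendTokenRestricted(Context ctx, String token) {
        Intent i = new Intent(ACTION_TOKEN).putExtra("token", token);
        i.setPackage(ctx.getPackageName());
        ctx.sendBroadcast(i, OWN_PERMISSION);
    }

    // Service: name the component explicitly so no filter matching takes place.
    static void startUpload(Context ctx) {
        Intent i = new Intent();
        i.setComponent(new ComponentName(ctx, "com.example.app.UploadService"));
        ctx.startService(i);
    }

    // Pending Intent: wrap a package-restricted base Intent and mark it
    // immutable (API 23+) so the holder cannot fill in or redirect it.
    static PendingIntent buildTokenPendingIntent(Context ctx) {
        Intent base = new Intent(ACTION_TOKEN).setPackage(ctx.getPackageName());
        return PendingIntent.getBroadcast(ctx, 0, base,
                PendingIntent.FLAG_IMMUTABLE | PendingIntent.FLAG_UPDATE_CURRENT);
    }
}
```

When reviewing an application against this category, each `sendBroadcast`, `startActivity`, `startService` and `PendingIntent.get*` call that carries sensitive extras should match one of the restricted forms rather than the implicit one.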