Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove unhackable stuff #25

Closed
mzfr opened this issue Oct 18, 2020 · 0 comments
Closed

Remove unhackable stuff #25

mzfr opened this issue Oct 18, 2020 · 0 comments
Labels
enhancement New feature or request

Comments

@mzfr
Copy link
Owner

mzfr commented Oct 18, 2020

In lots of apk there are some activities/receivers/services which are exported but nothing malicious is possible from them like net.openid.appauth.RedirectUriReceiverActivity this activity is used by many applications for oauth functionality.

Now, this is not vulnerable because they don't use webview(:cry:) instead of open everything in the external browser and we know that anything out of the context of app is not in scope of the bounty.

There are many other activities/receivers/services which have this kind of nature. It would be nice if we get rid of them.
@mzfr mzfr added the enhancement New feature or request label Oct 18, 2020
mzfr pushed a commit that referenced this issue Oct 18, 2020
Fix for issue #25
50589ac 
With time I'll add more components to this map
@mzfr mzfr closed this as completed Oct 18, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mzfr