App Components

Android apps are made up of different component types. There are four components that you will typically see:

  • Activity
  • Service
  • Broadcast Receiver
  • Content Provider

Each type performs specific actions within the context of the application. We will look at each one individually, covering what to look for regarding security and how we may exploit these components during our testing engagements.

All app components are declared in the AndroidManifest.xml file; they can also be listed by querying the app that is installed on the device. Additionally, once we decode/decompile the app, we can search the extracted code for the class that implements each component.

Activity

An Activity is essentially a "view" on the screen of the device. As such, an Activity is the entry point of the app. Typically, the Activity that loads on launch is called the MainActivity, and contains a flag identifying it as the launch Activity.

A couple of attributes that you will want to look for:

| Attribute | Description |
|---|---|
| android:exported="true" | Declares whether the Activity is exported. If true, the Activity can be launched by components of other applications. |
| android:name="com.vulnapp.activity.MainActivity" | Provides the name of the Activity, preceded by the package ID. |
| intent-filter | An implicit action which is used to perform a specific task in the Activity. |

Review all of the attributes using the link below in the References section.

Intent Filters

Intent filters are a powerful feature in Android apps. They are designed to perform a specific function within the Activity (or other components). There is typically an action, category, and data attribute associated with the intent filter.

Below is an example from the AndroidManifest.xml of an Activity with an Intent Filter:

<activity android:exported="true" android:label="@string/app_name" android:launchMode="singleTask" android:name="com.vulnapp.activity.MainLoginActivity" android:windowSoftInputMode="adjustResize|stateVisible">
    <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
    </intent-filter>
</activity>

Service

A Service is used to perform long-running operations in the background. Once a Service is started and running, it will continue to run in the background - even if the app is "closed" or another app is started. Additionally, a Service is used to perform interprocess communications (IPC).

<service android:exported="true" android:name="com.vulnapp.service.AuthService" android:process=":remote"/>

As seen in the above example, Services can also be exported, allowing other components and apps to interact with the Service.

Broadcast Receiver

A Receiver allows the system to deliver events to the app. The system can deliver broadcasts even when the app is not running. Broadcast Receivers do not display a UI to the user, but they can send an alert to the app, which will update the appropriate Activity. For example, if an app has a tab bar at the bottom with icons, the Receiver would send an alert that could update a specific icon to display a small notification on it.

Example from the AndroidManifest.xml file:

<receiver android:directBootAware="false" android:enabled="true" android:exported="true" android:name="androidx.profileinstaller.ProfileInstallReceiver" android:permission="android.permission.DUMP">
    <intent-filter>
        <action android:name="androidx.profileinstaller.action.INSTALL_PROFILE"/>
    </intent-filter>
</receiver>

A Receiver can be exported, and have intent filters.

Content Provider

A Provider manages the data that the app uses. This can be a file, SQLite Database, or other persistent storage available to the app. A Provider can be queried, modified, deleted, etc., based on what the app permits it to do.

Example from the AndroidManifest.xml file:

<provider android:authorities="com.vulnapp.provider.DBContentProvider" android:exported="true" android:multiprocess="true" android:name="com.vulnapp.provider.DBContentProvider">
    <path-permission android:path="/Keys" android:readPermission="com.vulnapp.READ_KEYS" android:writePermission="com.vulnapp.WRITE_KEYS"/>
    <path-permission android:path="/Keys/*" android:readPermission="com.vulnapp.READ_KEYS" android:writePermission="com.vulnapp.WRITE_KEYS"/>
</provider>
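To review the exported attribute across all four component types in one pass, the added example below (not part of the original page) parses a decoded AndroidManifest.xml and reports each component reachable by other apps, along with its intent-filter actions and any permission that gates it. The sample manifest is constructed from the snippets above with attributes trimmed; SettingsActivity and SyncReceiver are hypothetical entries added to show the non-exported and implicit-default cases.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
TAGS = ("activity", "service", "receiver", "provider")

# Constructed sample: the page's four snippets (attributes trimmed) plus two
# hypothetical entries (SettingsActivity, SyncReceiver) to show the other cases.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.vulnapp">
<application>
  <activity android:exported="true" android:name="com.vulnapp.activity.MainLoginActivity">
    <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
  </activity>
  <activity android:exported="false" android:name="com.vulnapp.activity.SettingsActivity"/>
  <service android:exported="true" android:name="com.vulnapp.service.AuthService"/>
  <receiver android:exported="true" android:name="androidx.profileinstaller.ProfileInstallReceiver"
            android:permission="android.permission.DUMP"/>
  <receiver android:name="com.vulnapp.receiver.SyncReceiver">
    <intent-filter><action android:name="com.vulnapp.action.SYNC"/></intent-filter>
  </receiver>
  <provider android:exported="true" android:name="com.vulnapp.provider.DBContentProvider">
    <path-permission android:path="/Keys" android:readPermission="com.vulnapp.READ_KEYS"/>
  </provider>
</application>
</manifest>"""


def exported_components(manifest_xml):
    """Return one dict per component that other apps can reach."""
    findings = []
    for comp in ET.fromstring(manifest_xml).iter():
        if comp.tag not in TAGS:
            continue
        actions = [a.get(NS + "name") for a in comp.iter("action")]
        exported = comp.get(NS + "exported")
        if exported is None:
            # Assumption: app targets below API 31, where a non-provider
            # component with an intent filter is exported by default.
            exported = "true" if actions and comp.tag != "provider" else "false"
        if exported != "true":
            continue
        perms = [comp.get(NS + k) for k in ("permission", "readPermission", "writePermission")]
        findings.append({
            "type": comp.tag,
            "name": comp.get(NS + "name"),
            "actions": actions,
            # True when no component-level permission restricts callers.
            "no_permission": not any(perms),
            "guarded_paths": [p.get(NS + "path") for p in comp.iter("path-permission")],
        })
    return findings
```

An exported provider with `no_permission` set and only some `guarded_paths` listed deserves a closer look, because path-permission entries cover only the paths they name.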

References

https://developer.android.com/guide/components/fundamentals#Components

https://developer.android.com/guide/topics/manifest/activity-element

https://developer.android.com/develop/background-work/services