Reputation: 4127
broadcaster permission for android.provider.Telephony.SMS_RECEIVED
I recently did a code scan on my Android source code using HPFortify service. They reported security vulnerability regarding one of the broadcast receivers. They suggested to use the broadcaster permission to reduce the attack vector. This way you are restricting broadcaster, otherwise any malicious application can send the intent and broadcast receiver will process it.
Here is a my actual code:
String ACTION = "android.provider.Telephony.SMS_RECEIVED"
IntentFilter smsFilter = new IntentFilter(SMSReceiver.ACTION);
smsFilter.setPriority(Integer.MAX_VALUE);
smsReceiver = createSMSReceiver(ctx, l);
ctx.registerReceiver(smsReceiver, smsFilter);
I am using the following permission to listen to the permission.
<uses-permission android:name="android.permission.RECEIVE_SMS"/>
Ideally the last line of the code should be like:
ctx.registerReceiver(smsReceiver, smsFilter, "XXX.boradcaster.permission.XXX", null);
I am not able to figure out the broadcast receiver permission. Can anyone suggest how to figure out this?
Upvotes: 1
Views: 1224
Answers (1)
Reputation: 39191
The permission you're looking for is "android.permission.BROADCAST_SMS", or you can use the android.Manifest.permission.BROADCAST_SMS constant.
Upvotes: 2
Related Questions
- What permission do I need to access Internet from an Android application?
- Proper use cases for Android UserManager.isUserAGoat()?
- How can I programmatically open the permission screen for a specific app on Android 6.0 (Marshmallow)?
- Exception 'open failed: EACCES (Permission denied)' on Android
- Android: Incoming call listener without permission
- broadcaster permission for android.net.conn.CONNECTIVITY_CHANGE
- Permission Denial: broadcasting Intent act=android.provider.Telephony.SMS_RECEIVED
- private broadcast sender and receiver permissions
- What is the point of defining actions within intent filters on a reciever tag