Reputation: 1961
I have an application that has only 1 activity, "MainActivity", and it must be divided into fragments because there are 3 windows; one of them is the user details. This activity (the main activity) has exported=true.
I want to know if this entails a security flaw in an Android APK:
1. I log in to the application.
2. I start the activity with drozer: `run app.activity.start --component com.member com.member.MainActivity`
3. I can see the user details, but not in the first display; I need to press another tab, which must be another fragment inside the MainActivity.

Is it the normal behavior? It is true that exported activities can be used by apps with a different uid, but the user must be logged in. Which problem does it entail?
Regards!
Upvotes: 0
Views: 5469
Reputation: 1007474
> Is it the normal behavior?
If by "the normal behavior" you mean that exported activities can be started by third-party apps, then yes.
> It is true that exported activities can be used by apps with a different uid
If by "used" you mean "started", then yes.
For example, this activity of yours probably has this `<intent-filter>`:

```xml
<intent-filter>
    <action android:name="android.intent.action.MAIN" />
    <category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
```
This says "hey, anything that is a launcher, please include me in your roster of launchable activities!". The launcher is how most Android device owners start apps. If your activity is not exported, then the launcher would not be able to start your activity, and as a result the user will not be able to use your app.
Note that having an `<intent-filter>` on an `<activity>` automatically sets `android:exported` to `true` — you do not need to declare this manually.
Upvotes: 2
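
As an added example (not code from the question or the answer), here is a small manifest audit that applies the rule described above: an explicit `android:exported` wins, otherwise an `<intent-filter>` makes the activity exported. The sample manifest is constructed, and `.DetailsActivity` and `.SettingsActivity` are hypothetical names added for contrast.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest modelled on the question (package com.member);
# DetailsActivity and SettingsActivity are hypothetical, added for contrast.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.member">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN" />
        <category android:name="android.intent.category.LAUNCHER" />
      </intent-filter>
    </activity>
    <activity android:name=".DetailsActivity" android:exported="true" />
    <activity android:name=".SettingsActivity" />
  </application>
</manifest>"""


def audit_activities(manifest_xml):
    """Return one dict per <activity> with its effective exported state."""
    root = ET.fromstring(manifest_xml)
    results = []
    for act in root.iter("activity"):
        filters = act.findall("intent-filter")
        explicit = act.get(ANDROID + "exported")
        # Explicit attribute wins; otherwise an <intent-filter> implies exported.
        # (Apps targeting API 31+ must declare the attribute explicitly.)
        exported = (explicit == "true") if explicit is not None else bool(filters)
        launcher = any(
            c.get(ANDROID + "name") == "android.intent.category.LAUNCHER"
            for f in filters for c in f.findall("category"))
        permission = act.get(ANDROID + "permission")
        results.append({
            "name": act.get(ANDROID + "name"),
            "exported": exported,
            "launcher": launcher,
            # Exported, not the launcher entry, and no permission: review it.
            "review": exported and not launcher and permission is None,
        })
    return results


if __name__ == "__main__":
    for row in audit_activities(SAMPLE_MANIFEST):
        print(row)
```

The launcher entry is expected to be exported, so the audit only marks other exported activities that declare no `android:permission` for review.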