Book Image

Learning Pentesting for Android Devices

By : Aditya Gupta
Book Image

Learning Pentesting for Android Devices

By: Aditya Gupta

Overview of this book

Table of Contents (18 chapters)
Learning Pentesting for Android Devices
Credits
Foreword
About the Author
Acknowledgments
About the Reviewers
www.PacktPub.com
Preface
Index

Content provider leakage


Many of the applications use content providers to store and query data within the application or the data from the phone. Unless the content providers have been defined to be accessed with permission, any other application could also access the application's data using the application's defined content providers. All content providers have a unique Uniform Resource Identifier (URI) in order to be identified and queried. The standard convention of naming the content provider's URIs is to start it with content://.

With an Android API-level lower than 17, the default property of a content provider is always exported. This means that unless the developer specifies the permissions, any application can access and query the data using the application's content provider. All content providers need to be registered in AndroidManifest.xml. So, we could just use Apktool on an application and check out the content providers by simply looking at the AndroidManifest.xml file.

The...