Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
briar
briar
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 694
    • Issues 694
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 17
    • Merge Requests 17
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Wiki
    • Wiki
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • briar
  • briarbriar
  • Issues
  • #909

Closed
Open
Opened Mar 23, 2017 by akwizgran@akwizgranOwner

User disruption via exposed activities

A malicious app running in the background could continuously send crafted intents to annoy the user until she decides to uninstall Briar.

This issue can be confirmed by running the following ADB Commands:

adb shell am start -a "android.intent.action.MANAGE_NETWORK_USAGE" -n "org.briarproject.briar/org.briarproject.briar.android.settings.SettingsActivity"
adb shell am start -a "info.guardianproject.panic.action.CONNECT" -n "org.briarproject.briar/org.briarproject.briar.android.panic.PanicPreferencesActivity"
adb shell am start -a "android.intent.action.MAIN" -n
"org.briarproject.briar/org.briarproject.briar.android.splash.SplashScreenActivity"

This sequence displays the Briar settings, then the panic settings, then the splash screen, logging the user out.

These intents are all useful, but we should consider how to handle them in such a way that the potential disruption is minimised. The MANAGE_NETWORK_USAGE intent could be removed if necessary.

Assignee
Assign to
Milestone G
Milestone
Milestone G (Past due)
Assign milestone
Time tracking
None
Due date
None
Reference: briar/briar#909