Skip to content

GitLab

  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • briar briar
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 783
    • Issues 783
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 9
    • Merge requests 9
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • briar
  • briarbriar
  • Issues
  • #909

Closed
Open
Created Mar 23, 2017 by akwizgran@akwizgranOwner

User disruption via exposed activities

A malicious app running in the background could continuously send crafted intents to annoy the user until she decides to uninstall Briar.

This issue can be confirmed by running the following ADB Commands:

adb shell am start -a "android.intent.action.MANAGE_NETWORK_USAGE" -n "org.briarproject.briar/org.briarproject.briar.android.settings.SettingsActivity"
adb shell am start -a "info.guardianproject.panic.action.CONNECT" -n "org.briarproject.briar/org.briarproject.briar.android.panic.PanicPreferencesActivity"
adb shell am start -a "android.intent.action.MAIN" -n
"org.briarproject.briar/org.briarproject.briar.android.splash.SplashScreenActivity"

This sequence displays the Briar settings, then the panic settings, then the splash screen, logging the user out.

These intents are all useful, but we should consider how to handle them in such a way that the potential disruption is minimised. The MANAGE_NETWORK_USAGE intent could be removed if necessary.

Assignee
Assign to
Time tracking