Appraysal
INFO, Advisory, Guideline, Security, Google Play, Android, Safety

Untrusted Intent Processing

Processing intents from untrusted sources without validation can lead to security vulnerabilities. This is especially critical in exported components.

Quick Fix

Always validate the data in incoming intents, especially those from exported components. Use checkCallingPermission() and validate intent data before processing.
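
The Quick Fix applied to an exported activity that forwards a nested Intent, as an added example (not code from this rule page or the scanner). The class name, the `next_intent` extra and the allowlist entry are assumptions.

```kotlin
import android.app.Activity
import android.content.Intent
import android.os.Bundle

// Hypothetical exported activity that forwards a caller-supplied Intent.
class RelayActivity : Activity() {

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        // "next_intent" is an assumed extra name for this example.
        @Suppress("DEPRECATION")
        val next = intent.getParcelableExtra<Intent>("next_intent")

        // Flagged form: the nested Intent is launched with this app's identity,
        // so the caller decides which component gets started.
        // startActivity(next)

        // Hardened form: forward only after validation, otherwise drop it.
        if (next != null && isSafeToForward(next)) {
            startActivity(next)
        }
        finish()
    }

    private fun isSafeToForward(next: Intent): Boolean {
        // 1. The target must resolve to an allowlisted component of this app.
        val target = next.resolveActivity(packageManager) ?: return false
        if (target.packageName != packageName) return false
        if (target.className !in ALLOWED_TARGETS) return false

        // 2. Refuse Intents that would pass on URI permission grants.
        val grantFlags = Intent.FLAG_GRANT_READ_URI_PERMISSION or
            Intent.FLAG_GRANT_WRITE_URI_PERMISSION or
            Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION or
            Intent.FLAG_GRANT_PREFIX_URI_PERMISSION
        return (next.flags and grantFlags) == 0
    }

    private companion object {
        // Assumed allowlist; the class name is a placeholder.
        val ALLOWED_TARGETS = setOf("com.example.app.DetailsActivity")
    }
}
```

checkCallingPermission() only gives a meaningful result while an incoming IPC is being handled, for example inside a bound service's binder method; outside an IPC it always fails, so in an activity the validation is done on the Intent itself as above.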

What Gets Detected

Detection Type: CODE PATTERN

Patterns detected:

/getIntent\(\)\.get.*Extra.*startActivity/
/getIntent\(\)\.get.*Extra.*sendBroadcast/
/getSerializableExtra.*as\s+Intent/
/getParcelableExtra.*Intent::class/
/intent\.data.*startActivity/
/\bgetIntent\(\)[\s\S]{0,160}\b(getStringExtra|getParcelableExtra|getSerializableExtra)\b[\s\S]{0,200}\b(startActivity|sendBroadcast|setResult)\b/i
/\bintent\.(getData|getStringExtra|getParcelableExtra)\b[\s\S]{0,200}\b(startActivity|sendBroadcast)\b/i
