Potential Intent Spoofing

Description

The application is vulnerable to intent spoofing, which could result in the access and exploitation of unauthorized components.

Recommendation

It is recommended to apply proper input validation and parameter filtering on the intent action.

Technical details
[TAINT] String 'Send email...' ==>>> Sink '['Lcom/cloudsinc/welltekmobile/native_v2_welltek/activities/BoerHubConnection;', 'startActivity', '(Landroid/content/Intent;)V', '0', 'IPC_SINK']' [[('Lcom/cloudsinc/welltekmobile/native_v2_welltek/activities/BoerHubConnection;', 'sendmail', '()V'), ('Lcom/cloudsinc/welltekmobile/native_v2_welltek/activities/BoerHubConnection;', 'startActivity', '(Landroid/content/Intent;)V')]]

Use of the string value 'Send email...' to construct an Intent

Method com.cloudsinc.welltekmobile.native_v2_welltek.activities.BoerHubConnection.sendmail():


    private void sendmail()
    {
        android.net.Uri v2 = android.net.Uri.fromFile(new java.io.File(android.os.Environment.getExternalStorageDirectory().getAbsolutePath(), "logcat.txt"));
        android.content.Intent v0_0 = new android.content.Intent("android.intent.action.SEND");
        v0_0.setType("vnd.android.cursor.dir/email");
        String[] v3 = new String[1];
        v3[0] = "jaid.shaikh@nciportal.com";
        v0_0.putExtra("android.intent.extra.EMAIL", v3);
        v0_0.putExtra("android.intent.extra.STREAM", v2);
        v0_0.putExtra("android.intent.extra.SUBJECT", "Error log");
        this.startActivity(android.content.Intent.createChooser(v0_0, "Send email..."));
        return;
    }

Method com.cloudsinc.welltekmobile.native_v2_welltek.activities.BoerHubConnection.startActivity() not found.

[TAINT] String 'v2.0_native Crash log file' ==>>> Sink '['Landroid/content/Intent;', 'putExtra', '(Ljava/lang/String; Ljava/lang/String;)Landroid/content/Intent;', '1', 'IPC_SINK']' [[('Lcom/cloudsinc/welltekmobile/native_v2_welltek/application/App$1;', 'uncaughtException', '(Ljava/lang/Thread; Ljava/lang/Throwable;)V'), ('Lcom/cloudsinc/welltekmobile/native_v2_welltek/application/App;', 'handleUncaughtException', '(Ljava/lang/Thread; Ljava/lang/Throwable;)V'), ('Landroid/content/Intent;', 'putExtra', '(Ljava/lang/String; Ljava/lang/String;)Landroid/content/Intent;')]]

Use of the string value 'v2.0_native Crash log file' to construct an Intent

Method com.cloudsinc.welltekmobile.native_v2_welltek.application.App$1.uncaughtException():


    public void uncaughtException(Thread p2, Throwable p3)
    {
        this.this$0.handleUncaughtException(p2, p3);
        return;
    }

Method com.cloudsinc.welltekmobile.native_v2_welltek.application.App.handleUncaughtException():


    public void handleUncaughtException(Thread p12, Throwable p13)
    {
        try {
            String v4 = android.util.Log.getStackTraceString(p13);
            p13.getMessage();
            android.content.pm.PackageInfo v3 = this.getPackageManager().getPackageInfo(this.getPackageName(), 0);
            int v6 = v3.versionCode;
            String v5 = v3.versionName;
            android.content.Intent v1_1 = new android.content.Intent("android.intent.action.SEND");
            v1_1.setType("message/rfc822");
            String[] v8_1 = new String[2];
            v8_1[0] = "jaid.shaikh@nciportal.com";
            v8_1[1] = "nikhil.vharamble@nciportal.com";
            v1_1.putExtra("android.intent.extra.EMAIL", v8_1);
            v1_1.putExtra("android.intent.extra.SUBJECT", "v2.0_native Crash log file");
            v1_1.putExtra("android.intent.extra.TEXT", new StringBuilder().append("For version no.").append(v6).append(" And version name ").append(v5).append("\n\n").append(v4).toString());
            v1_1.setFlags(268435456); // 0x10000000 = Intent.FLAG_ACTIVITY_NEW_TASK
            this.startActivity(v1_1);
        } catch (Exception v0) {
            com.cloudsinc.welltekmobile.native_v2_welltek.utils.Logs.error(this.getClass().getSimpleName(), new StringBuilder().append("----").append(v0.getMessage()).toString());
        }
        return;
    }

Method android.content.Intent.putExtra() not found.

[TAINT] String 'For version no.' ==>>> Sink '['Landroid/content/Intent;', 'putExtra', '(Ljava/lang/String; Ljava/lang/String;)Landroid/content/Intent;', '1', 'IPC_SINK']' [[('Lcom/cloudsinc/welltekmobile/native_v2_welltek/application/App$1;', 'uncaughtException', '(Ljava/lang/Thread; Ljava/lang/Throwable;)V'), ('Lcom/cloudsinc/welltekmobile/native_v2_welltek/application/App;', 'handleUncaughtException', '(Ljava/lang/Thread; Ljava/lang/Throwable;)V'), ('Landroid/content/Intent;', 'putExtra', '(Ljava/lang/String; Ljava/lang/String;)Landroid/content/Intent;')]]

Use of the string value 'For version no.' to construct an Intent

Method com.cloudsinc.welltekmobile.native_v2_welltek.application.App$1.uncaughtException():


    public void uncaughtException(Thread p2, Throwable p3)
    {
        this.this$0.handleUncaughtException(p2, p3);
        return;
    }

Method com.cloudsinc.welltekmobile.native_v2_welltek.application.App.handleUncaughtException():


    public void handleUncaughtException(Thread p12, Throwable p13)
    {
        try {
            String v4 = android.util.Log.getStackTraceString(p13);
            p13.getMessage();
            android.content.pm.PackageInfo v3 = this.getPackageManager().getPackageInfo(this.getPackageName(), 0);
            int v6 = v3.versionCode;
            String v5 = v3.versionName;
            android.content.Intent v1_1 = new android.content.Intent("android.intent.action.SEND");
            v1_1.setType("message/rfc822");
            String[] v8_1 = new String[2];
            v8_1[0] = "jaid.shaikh@nciportal.com";
            v8_1[1] = "nikhil.vharamble@nciportal.com";
            v1_1.putExtra("android.intent.extra.EMAIL", v8_1);
            v1_1.putExtra("android.intent.extra.SUBJECT", "v2.0_native Crash log file");
            v1_1.putExtra("android.intent.extra.TEXT", new StringBuilder().append("For version no.").append(v6).append(" And version name ").append(v5).append("\n\n").append(v4).toString());
            v1_1.setFlags(268435456); // 0x10000000 = Intent.FLAG_ACTIVITY_NEW_TASK
            this.startActivity(v1_1);
        } catch (Exception v0) {
            com.cloudsinc.welltekmobile.native_v2_welltek.utils.Logs.error(this.getClass().getSimpleName(), new StringBuilder().append("----").append(v0.getMessage()).toString());
        }
        return;
    }

Method android.content.Intent.putExtra() not found.

[TAINT] String 'v2.0_native Crash log file' ==>>> Sink '['Landroid/content/Intent;', 'putExtra', '(Ljava/lang/String; Ljava/lang/String;)Landroid/content/Intent;', '1', 'IPC_SINK']' [[('Lcom/cloudsinc/welltekmobile/native_v2_welltek/application/App;', 'handleUncaughtException', '(Ljava/lang/Thread; Ljava/lang/Throwable;)V'), ('Landroid/content/Intent;', 'putExtra', '(Ljava/lang/String; Ljava/lang/String;)Landroid/content/Intent;')]]

Use of the string value 'v2.0_native Crash log file' to construct an Intent

Method com.cloudsinc.welltekmobile.native_v2_welltek.application.App.handleUncaughtException():


    public void handleUncaughtException(Thread p12, Throwable p13)
    {
        try {
            String v4 = android.util.Log.getStackTraceString(p13);
            p13.getMessage();
            android.content.pm.PackageInfo v3 = this.getPackageManager().getPackageInfo(this.getPackageName(), 0);
            int v6 = v3.versionCode;
            String v5 = v3.versionName;
            android.content.Intent v1_1 = new android.content.Intent("android.intent.action.SEND");
            v1_1.setType("message/rfc822");
            String[] v8_1 = new String[2];
            v8_1[0] = "jaid.shaikh@nciportal.com";
            v8_1[1] = "nikhil.vharamble@nciportal.com";
            v1_1.putExtra("android.intent.extra.EMAIL", v8_1);
            v1_1.putExtra("android.intent.extra.SUBJECT", "v2.0_native Crash log file");
            v1_1.putExtra("android.intent.extra.TEXT", new StringBuilder().append("For version no.").append(v6).append(" And version name ").append(v5).append("\n\n").append(v4).toString());
            v1_1.setFlags(268435456); // 0x10000000 = Intent.FLAG_ACTIVITY_NEW_TASK
            this.startActivity(v1_1);
        } catch (Exception v0) {
            com.cloudsinc.welltekmobile.native_v2_welltek.utils.Logs.error(this.getClass().getSimpleName(), new StringBuilder().append("----").append(v0.getMessage()).toString());
        }
        return;
    }

Method android.content.Intent.putExtra() not found.

[TAINT] String 'For version no.' ==>>> Sink '['Landroid/content/Intent;', 'putExtra', '(Ljava/lang/String; Ljava/lang/String;)Landroid/content/Intent;', '1', 'IPC_SINK']' [[('Lcom/cloudsinc/welltekmobile/native_v2_welltek/application/App;', 'handleUncaughtException', '(Ljava/lang/Thread; Ljava/lang/Throwable;)V'), ('Landroid/content/Intent;', 'putExtra', '(Ljava/lang/String; Ljava/lang/String;)Landroid/content/Intent;')]]

Use of the string value 'For version no.' to construct an Intent

Method com.cloudsinc.welltekmobile.native_v2_welltek.application.App.handleUncaughtException():


    public void handleUncaughtException(Thread p12, Throwable p13)
    {
        try {
            String v4 = android.util.Log.getStackTraceString(p13);
            p13.getMessage();
            android.content.pm.PackageInfo v3 = this.getPackageManager().getPackageInfo(this.getPackageName(), 0);
            int v6 = v3.versionCode;
            String v5 = v3.versionName;
            android.content.Intent v1_1 = new android.content.Intent("android.intent.action.SEND");
            v1_1.setType("message/rfc822");
            String[] v8_1 = new String[2];
            v8_1[0] = "jaid.shaikh@nciportal.com";
            v8_1[1] = "nikhil.vharamble@nciportal.com";
            v1_1.putExtra("android.intent.extra.EMAIL", v8_1);
            v1_1.putExtra("android.intent.extra.SUBJECT", "v2.0_native Crash log file");
            v1_1.putExtra("android.intent.extra.TEXT", new StringBuilder().append("For version no.").append(v6).append(" And version name ").append(v5).append("\n\n").append(v4).toString());
            v1_1.setFlags(268435456); // 0x10000000 = Intent.FLAG_ACTIVITY_NEW_TASK
            this.startActivity(v1_1);
        } catch (Exception v0) {
            com.cloudsinc.welltekmobile.native_v2_welltek.utils.Logs.error(this.getClass().getSimpleName(), new StringBuilder().append("----").append(v0.getMessage()).toString());
        }
        return;
    }

Method android.content.Intent.putExtra() not found.