Potentially Intent Spoofing

Description

The application is vulnerable to intent spoofing which could result in the access and exploitation of unauthorized components.

Recommendation

It is recommended to apply proper input validation and parameter filtering on intent action.

References
Technical details
[TAINT] String 'Hey check out my app at: https://play.google.com/store/apps/details?id=' ==>>> Sink '['Landroid/content/Intent;', 'putExtra', '(Ljava/lang/String; Ljava/lang/String;)Landroid/content/Intent;', '1', 'IPC_SINK']' [[('Lcom/recoverimages/datarestorepicturecanfreeapp/Main2Activity;', 'onOptionsItemSelected', '(Landroid/view/MenuItem;)Z'), ('Landroid/content/Intent;', 'putExtra', '(Ljava/lang/String; Ljava/lang/String;)Landroid/content/Intent;')]]

Use of a string value Hey check out my app at: https://play.google.com/store/apps/details?id= to construct an Intent

Method com.recoverimages.datarestorepicturecanfreeapp.Main2Activity.onOptionsItemSelected():


    public boolean onOptionsItemSelected(android.view.MenuItem p8)
    {
        boolean v2 = 1;
        switch (p8.getItemId()) {
            case 2131624226:
                this.startActivity(new android.content.Intent(this, com.recoverimages.datarestorepicturecanfreeapp.Settings));
                this.mInterstitialAd.show();
                this.mInterstitialAd.loadAd(this.adRequest2);
                break;
            case 2131624227:
                this.startActivity(new android.content.Intent("android.intent.action.VIEW", android.net.Uri.parse("https://play.google.com/store/apps/developer?id=Rpaul")));
                break;
            case 2131624228:
                this.startActivity(new android.content.Intent(this, com.recoverimages.datarestorepicturecanfreeapp.AboutActivity));
                this.mInterstitialAd.show();
                this.mInterstitialAd.loadAd(this.adRequest2);
                break;
            case 2131624229:
                android.content.Intent v1_1 = new android.content.Intent();
                v1_1.setAction("android.intent.action.SEND");
                v1_1.putExtra("android.intent.extra.TEXT", new StringBuilder().append("Hey check out my app at: https://play.google.com/store/apps/details?id=").append(this.getPackageName()).append("&hl=en").toString());
                v1_1.putExtra("android.intent.extra.SUBJECT", "Restore deleted photo");
                v1_1.setType("text/plain");
                this.startActivity(v1_1);
                break;
            case 2131624230:
                android.support.v7.app.AlertDialog v0 = new android.support.v7.app.AlertDialog$Builder(this).create();
                v0.setTitle("Info");
                v0.setMessage(this.getResources().getString(2131165220));
                v0.setButton(-3, "OK", new com.recoverimages.datarestorepicturecanfreeapp.Main2Activity$9(this));
                v0.show();
                break;
            case 2131624231:
                this.startActivity(new android.content.Intent("android.intent.action.VIEW", android.net.Uri.parse(new StringBuilder().append("https://play.google.com/store/apps/details?id=").append(this.getPackageName()).append("&hl=en").toString())));
                break;
            default:
                v2 = super.onOptionsItemSelected(p8);
        }
        return v2;
    }

Method android.content.Intent.putExtra() not found.

[TAINT] String 'https://play.google.com/store/apps/developer?id=Rpaul' ==>>> Sink '['Landroid/content/Intent;', '<init>', '(Ljava/lang/String; Landroid/net/Uri;)V', '1', 'IPC_SINK']' [[('Lcom/recoverimages/datarestorepicturecanfreeapp/Main2Activity;', 'onOptionsItemSelected', '(Landroid/view/MenuItem;)Z'), ('Landroid/content/Intent;', '<init>', '(Ljava/lang/String; Landroid/net/Uri;)V')]]

Use of a string value https://play.google.com/store/apps/developer?id=Rpaul to construct an Intent

Method com.recoverimages.datarestorepicturecanfreeapp.Main2Activity.onOptionsItemSelected():


    public boolean onOptionsItemSelected(android.view.MenuItem p8)
    {
        boolean v2 = 1;
        switch (p8.getItemId()) {
            case 2131624226:
                this.startActivity(new android.content.Intent(this, com.recoverimages.datarestorepicturecanfreeapp.Settings));
                this.mInterstitialAd.show();
                this.mInterstitialAd.loadAd(this.adRequest2);
                break;
            case 2131624227:
                this.startActivity(new android.content.Intent("android.intent.action.VIEW", android.net.Uri.parse("https://play.google.com/store/apps/developer?id=Rpaul")));
                break;
            case 2131624228:
                this.startActivity(new android.content.Intent(this, com.recoverimages.datarestorepicturecanfreeapp.AboutActivity));
                this.mInterstitialAd.show();
                this.mInterstitialAd.loadAd(this.adRequest2);
                break;
            case 2131624229:
                android.content.Intent v1_1 = new android.content.Intent();
                v1_1.setAction("android.intent.action.SEND");
                v1_1.putExtra("android.intent.extra.TEXT", new StringBuilder().append("Hey check out my app at: https://play.google.com/store/apps/details?id=").append(this.getPackageName()).append("&hl=en").toString());
                v1_1.putExtra("android.intent.extra.SUBJECT", "Restore deleted photo");
                v1_1.setType("text/plain");
                this.startActivity(v1_1);
                break;
            case 2131624230:
                android.support.v7.app.AlertDialog v0 = new android.support.v7.app.AlertDialog$Builder(this).create();
                v0.setTitle("Info");
                v0.setMessage(this.getResources().getString(2131165220));
                v0.setButton(-3, "OK", new com.recoverimages.datarestorepicturecanfreeapp.Main2Activity$9(this));
                v0.show();
                break;
            case 2131624231:
                this.startActivity(new android.content.Intent("android.intent.action.VIEW", android.net.Uri.parse(new StringBuilder().append("https://play.google.com/store/apps/details?id=").append(this.getPackageName()).append("&hl=en").toString())));
                break;
            default:
                v2 = super.onOptionsItemSelected(p8);
        }
        return v2;
    }

Method android.content.Intent.<init>() not found.

[TAINT] String 'https://play.google.com/store/apps/details?id=' ==>>> Sink '['Landroid/content/Intent;', '<init>', '(Ljava/lang/String; Landroid/net/Uri;)V', '1', 'IPC_SINK']' [[('Lcom/recoverimages/datarestorepicturecanfreeapp/Main2Activity$4;', 'onClick', '(Landroid/view/View;)V'), ('Landroid/content/Intent;', '<init>', '(Ljava/lang/String; Landroid/net/Uri;)V')]]

Use of a string value https://play.google.com/store/apps/details?id= to construct an Intent

Method com.recoverimages.datarestorepicturecanfreeapp.Main2Activity$4.onClick():


    public void onClick(android.view.View p6)
    {
        this.this$0.startActivity(new android.content.Intent("android.intent.action.VIEW", android.net.Uri.parse(new StringBuilder().append("https://play.google.com/store/apps/details?id=").append(this.this$0.getPackageName()).append("&hl=en").toString())));
        return;
    }

Method android.content.Intent.<init>() not found.

[TAINT] String 'https://play.google.com/store/apps/developer?id=Rpaul' ==>>> Sink '['Landroid/content/Intent;', '<init>', '(Ljava/lang/String; Landroid/net/Uri;)V', '1', 'IPC_SINK']' [[('Lcom/recoverimages/datarestorepicturecanfreeapp/Main2Activity$1;', 'onClick', '(Landroid/view/View;)V'), ('Landroid/content/Intent;', '<init>', '(Ljava/lang/String; Landroid/net/Uri;)V')]]

Use of a string value https://play.google.com/store/apps/developer?id=Rpaul to construct an Intent

Method com.recoverimages.datarestorepicturecanfreeapp.Main2Activity$1.onClick():


    public void onClick(android.view.View p5)
    {
        this.this$0.startActivity(new android.content.Intent("android.intent.action.VIEW", android.net.Uri.parse("https://play.google.com/store/apps/developer?id=Rpaul")));
        return;
    }

Method android.content.Intent.<init>() not found.

[TAINT] String 'https://play.google.com/store/apps/developer?id=Rpaul' ==>>> Sink '['Landroid/content/Intent;', '<init>', '(Ljava/lang/String; Landroid/net/Uri;)V', '1', 'IPC_SINK']' [[('Lcom/recoverimages/datarestorepicturecanfreeapp/AboutActivity$2;', 'onClick', '(Landroid/view/View;)V'), ('Landroid/content/Intent;', '<init>', '(Ljava/lang/String; Landroid/net/Uri;)V')]]

Use of a string value https://play.google.com/store/apps/developer?id=Rpaul to construct an Intent

Method com.recoverimages.datarestorepicturecanfreeapp.AboutActivity$2.onClick():


    public void onClick(android.view.View p5)
    {
        this.this$0.startActivity(new android.content.Intent("android.intent.action.VIEW", android.net.Uri.parse("https://play.google.com/store/apps/developer?id=Rpaul")));
        return;
    }

Method android.content.Intent.<init>() not found.

[TAINT] String 'https://play.google.com/store/apps/details?id=' ==>>> Sink '['Landroid/content/Intent;', '<init>', '(Ljava/lang/String; Landroid/net/Uri;)V', '1', 'IPC_SINK']' [[('Lcom/recoverimages/datarestorepicturecanfreeapp/AboutActivity$1;', 'onClick', '(Landroid/view/View;)V'), ('Landroid/content/Intent;', '<init>', '(Ljava/lang/String; Landroid/net/Uri;)V')]]

Use of a string value https://play.google.com/store/apps/details?id= to construct an Intent

Method com.recoverimages.datarestorepicturecanfreeapp.AboutActivity$1.onClick():


    public void onClick(android.view.View p6)
    {
        this.this$0.startActivity(new android.content.Intent("android.intent.action.VIEW", android.net.Uri.parse(new StringBuilder().append("https://play.google.com/store/apps/details?id=").append(this.this$0.getPackageName()).append("&hl=en").toString())));
        return;
    }

Method android.content.Intent.<init>() not found.

[TAINT] String 'Hey check out my app at: https://play.google.com/store/apps/details?id=' ==>>> Sink '['Landroid/content/Intent;', 'putExtra', '(Ljava/lang/String; Ljava/lang/String;)Landroid/content/Intent;', '1', 'IPC_SINK']' [[('Lcom/recoverimages/datarestorepicturecanfreeapp/Settings;', 'onClick', '(Landroid/view/View;)V'), ('Landroid/content/Intent;', 'putExtra', '(Ljava/lang/String; Ljava/lang/String;)Landroid/content/Intent;')]]

Use of a string value Hey check out my app at: https://play.google.com/store/apps/details?id= to construct an Intent

Method com.recoverimages.datarestorepicturecanfreeapp.Settings.onClick():


    public void onClick(android.view.View p6)
    {
        switch (p6.getId()) {
            case 2131624156:
                this.storage_dilouge.show();
            case 2131624157:
            default:
                break;
            case 2131624158:
                android.content.Intent v0_1 = new android.content.Intent();
                v0_1.setAction("android.intent.action.SEND");
                v0_1.putExtra("android.intent.extra.TEXT", new StringBuilder().append("Hey check out my app at: https://play.google.com/store/apps/details?id=").append(this.getPackageName()).append("&hl=en").toString());
                v0_1.putExtra("android.intent.extra.SUBJECT", "Restore deleted photo");
                v0_1.setType("text/plain");
                this.startActivity(v0_1);
                break;
            case 2131624159:
                this.startActivity(new android.content.Intent("android.intent.action.VIEW", android.net.Uri.parse(new StringBuilder().append("market://details?id=").append(this.getPackageName()).toString())));
                break;
            case 2131624160:
                this.startActivity(new android.content.Intent(this, com.recoverimages.datarestorepicturecanfreeapp.AboutActivity));
                this.mInterstitialAd.show();
                this.mInterstitialAd.loadAd(this.adRequest2);
                break;
        }
        return;
    }

Method android.content.Intent.putExtra() not found.

[TAINT] String 'Hey check out my app at: https://play.google.com/store/apps/details?id=' ==>>> Sink '['Landroid/content/Intent;', 'putExtra', '(Ljava/lang/String; Ljava/lang/String;)Landroid/content/Intent;', '1', 'IPC_SINK']' [[('Lcom/recoverimages/datarestorepicturecanfreeapp/MainActivity$ShareClick;', 'onClick', '(Landroid/view/View;)V'), ('Landroid/content/Intent;', 'putExtra', '(Ljava/lang/String; Ljava/lang/String;)Landroid/content/Intent;')]]

Use of a string value Hey check out my app at: https://play.google.com/store/apps/details?id= to construct an Intent

Method com.recoverimages.datarestorepicturecanfreeapp.MainActivity$ShareClick.onClick():


    public void onClick(android.view.View p5)
    {
        android.content.Intent v0_1 = new android.content.Intent();
        v0_1.setAction("android.intent.action.SEND");
        v0_1.putExtra("android.intent.extra.TEXT", new StringBuilder().append("Hey check out my app at: https://play.google.com/store/apps/details?id=").append(this.this$0.getPackageName()).append("&hl=en").toString());
        v0_1.putExtra("android.intent.extra.SUBJECT", "Restore deleted photo");
        v0_1.setType("text/plain");
        this.this$0.startActivity(v0_1);
        return;
    }

Method android.content.Intent.putExtra() not found.

[TAINT] String 'https://play.google.com/store/apps/details?id=' ==>>> Sink '['Landroid/content/Intent;', '<init>', '(Ljava/lang/String; Landroid/net/Uri;)V', '1', 'IPC_SINK']' [[('Lcom/recoverimages/datarestorepicturecanfreeapp/MainActivity$RateClick;', 'onClick', '(Landroid/view/View;)V'), ('Landroid/content/Intent;', '<init>', '(Ljava/lang/String; Landroid/net/Uri;)V')]]

Use of a string value https://play.google.com/store/apps/details?id= to construct an Intent

Method com.recoverimages.datarestorepicturecanfreeapp.MainActivity$RateClick.onClick():


    public void onClick(android.view.View p6)
    {
        this.this$0.startActivity(new android.content.Intent("android.intent.action.VIEW", android.net.Uri.parse(new StringBuilder().append("https://play.google.com/store/apps/details?id=").append(this.this$0.getPackageName()).append("&hl=en").toString())));
        return;
    }

Method android.content.Intent.<init>() not found.

[TAINT] String 'https://play.google.com/store/apps/developer?id=Rpaul' ==>>> Sink '['Landroid/content/Intent;', '<init>', '(Ljava/lang/String; Landroid/net/Uri;)V', '1', 'IPC_SINK']' [[('Lcom/recoverimages/datarestorepicturecanfreeapp/MainActivity$MoreClick;', 'onClick', '(Landroid/view/View;)V'), ('Landroid/content/Intent;', '<init>', '(Ljava/lang/String; Landroid/net/Uri;)V')]]

Use of a string value https://play.google.com/store/apps/developer?id=Rpaul to construct an Intent

Method com.recoverimages.datarestorepicturecanfreeapp.MainActivity$MoreClick.onClick():


    public void onClick(android.view.View p5)
    {
        this.this$0.startActivity(new android.content.Intent("android.intent.action.VIEW", android.net.Uri.parse("https://play.google.com/store/apps/developer?id=Rpaul")));
        return;
    }

Method android.content.Intent.<init>() not found.

[TAINT] String 'https://play.google.com/store/apps/details?id=' ==>>> Sink '['Landroid/content/Intent;', '<init>', '(Ljava/lang/String; Landroid/net/Uri;)V', '1', 'IPC_SINK']' [[('Lcom/recoverimages/datarestorepicturecanfreeapp/Main2Activity;', 'onOptionsItemSelected', '(Landroid/view/MenuItem;)Z'), ('Landroid/content/Intent;', '<init>', '(Ljava/lang/String; Landroid/net/Uri;)V')]]

Use of a string value https://play.google.com/store/apps/details?id= to construct an Intent

Method com.recoverimages.datarestorepicturecanfreeapp.Main2Activity.onOptionsItemSelected():


    public boolean onOptionsItemSelected(android.view.MenuItem p8)
    {
        boolean v2 = 1;
        switch (p8.getItemId()) {
            case 2131624226:
                this.startActivity(new android.content.Intent(this, com.recoverimages.datarestorepicturecanfreeapp.Settings));
                this.mInterstitialAd.show();
                this.mInterstitialAd.loadAd(this.adRequest2);
                break;
            case 2131624227:
                this.startActivity(new android.content.Intent("android.intent.action.VIEW", android.net.Uri.parse("https://play.google.com/store/apps/developer?id=Rpaul")));
                break;
            case 2131624228:
                this.startActivity(new android.content.Intent(this, com.recoverimages.datarestorepicturecanfreeapp.AboutActivity));
                this.mInterstitialAd.show();
                this.mInterstitialAd.loadAd(this.adRequest2);
                break;
            case 2131624229:
                android.content.Intent v1_1 = new android.content.Intent();
                v1_1.setAction("android.intent.action.SEND");
                v1_1.putExtra("android.intent.extra.TEXT", new StringBuilder().append("Hey check out my app at: https://play.google.com/store/apps/details?id=").append(this.getPackageName()).append("&hl=en").toString());
                v1_1.putExtra("android.intent.extra.SUBJECT", "Restore deleted photo");
                v1_1.setType("text/plain");
                this.startActivity(v1_1);
                break;
            case 2131624230:
                android.support.v7.app.AlertDialog v0 = new android.support.v7.app.AlertDialog$Builder(this).create();
                v0.setTitle("Info");
                v0.setMessage(this.getResources().getString(2131165220));
                v0.setButton(-3, "OK", new com.recoverimages.datarestorepicturecanfreeapp.Main2Activity$9(this));
                v0.show();
                break;
            case 2131624231:
                this.startActivity(new android.content.Intent("android.intent.action.VIEW", android.net.Uri.parse(new StringBuilder().append("https://play.google.com/store/apps/details?id=").append(this.getPackageName()).append("&hl=en").toString())));
                break;
            default:
                v2 = super.onOptionsItemSelected(p8);
        }
        return v2;
    }

Method android.content.Intent.<init>() not found.