Complex AndroidManifest.xml analysis

[Razican]

We need to add content providers, receivers, etc. to manifest analysis, and rules to decide what to analyze. Here is the complete list:

• <provider>:
  • if android:exported="false" everything is OK.
  • if android:exported="true" and any targetSdkVersion or no android:exported and minSdkVersion < 17, we could have a vulnerability:
    • if android:permission or android:readPermission or android:writePermission, only warning.
    • if no permissions, medium or high vulnerability: other apps can read it.
• <receiver>, <activity>, <activity-alias> or <service>:
  • if android:exported="false" everything is OK.
  • if android:exported="true" we could have a vulnerability:
    • if android:permission, only warning.
    • if no permissions, medium or high vulnerability: other apps can access it.
  • If no android:exported, we could have a vulnerability:
    • if no <intent-filter>, everything is OK.
    • if <intent-filter>:
      • if android:permission, only warning.
      • if no permissions, medium or high vulnerability: other apps can access it.

Analysis from AndroBugs: https://github.com/AndroBugs/AndroBugs_Framework/blob/master/androbugs.py

[Chuky9]

Complex AndroidManifest.xml analysis implemented but some clarifications are required in order to improve these detections in the next version (0.3.0). That's why this issue will remain openned.

[Razican]

This depends on #20. We suppose that it will be available before the launch of 0.3.0 with enough time to implement it, so we maintain it for 0.3.0.

[Razican]

Moving this to SUPER 0.5.0.