The Google Photos Android app's activity com.google.android.apps.photos.pager.HostPhotoPagerActivity is exported, and its intent filter supports the file scheme, which means a third-party app could use this exported activity to pass a file via a file URI without access validation.
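One way to audit a decoded AndroidManifest.xml for the pattern described above (an exported activity whose intent filter accepts the file scheme), as an added example that is not code from the original post. The sample manifest and its activity names are constructed, and the implicit-export rule in the code applies to apps targeting below API 31.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest for illustration (not taken from any real app).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.gallery">
 <application>
  <activity android:name=".ViewerActivity" android:exported="true">
   <intent-filter><data android:scheme="file"/><data android:scheme="content"/></intent-filter>
  </activity>
  <activity android:name=".LegacyActivity">
   <intent-filter><data android:scheme="file" android:mimeType="image/*"/></intent-filter>
  </activity>
  <activity android:name=".InternalActivity" android:exported="false">
   <intent-filter><data android:scheme="file"/></intent-filter>
  </activity>
  <activity android:name=".WebActivity" android:exported="true">
   <intent-filter><data android:scheme="https"/></intent-filter>
  </activity>
 </application>
</manifest>"""


def is_exported(component):
    """Explicit android:exported wins; otherwise a component with an
    intent filter is exported by default on targets below API 31."""
    flag = component.get(NS + "exported")
    if flag is not None:
        return flag.lower() == "true"
    return component.find("intent-filter") is not None


def find_file_scheme_activities(manifest_xml):
    """Return (name, permission) for each exported activity whose intent
    filter accepts file:// URIs, so its input handling can be reviewed."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for tag in ("activity", "activity-alias"):
        for comp in root.iter(tag):
            schemes = {d.get(NS + "scheme") for d in comp.iter("data")}
            if "file" in schemes and is_exported(comp):
                findings.append((comp.get(NS + "name"), comp.get(NS + "permission")))
    return findings


if __name__ == "__main__":
    for name, perm in find_file_scheme_activities(SAMPLE):
        print(f"{name}: exported, accepts file:// (permission={perm})")
```

Each finding is a review candidate: the activity should either not be exported, or should validate that an incoming file URI does not resolve inside the app's private data directory before opening it.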
Continue reading “Google Photos : Theft of Database & Arbitrary Files Android Vulnerability”

Xiaomi Android : Harvest private/system files (Updated POC)
Yet another Android vulnerability, which I found on Xiaomi, a giant mobile manufacturing company.
Summary: Their inbuilt SMS application comes pre-installed on those devices. The application is built with a feature that syncs to the cloud using a WebView through the application's sandbox.
This application can also be launched from the browser and have its WebView directed to load an arbitrary URL, which allows access to the local file system, reading local resources and accessing network resources.