This is not a flaw. The INTERNET permission is allowing your app to access network sites. When you call the VIEW intent, you are telling a different app to open the site. Those apps have the INTERNET permission, which is why this works fine.
android.permission.INTERNET not used yet able to send CGI calls through browser
-
19-10-2022 - |
题
I have not used the following permission in my app:
android.permission.INTERNET
However if i fire an intent with:
android.intent.action.VIEW
with a url that looked something like this:
http://www.mysite.com/collectUsersStuff?UsersSecretStuff=hisSecret
it will open a prompt to open chrome to connect to the webserver. So my point is even without the INTERNET permissions from my apps manifest i can get the authority to send from another app who handles network calls. Is there anyway to assure the user that my app will not take advantage of this flaw ?
没有正确的解决方案
其他提示
不隶属于 StackOverflow