Lect_9 - Deekshith19/Android_Security GitHub Wiki

Lecture 9

11. Access Control Issues – Part 3

image

Let’s Create a PIN and Access the Private Notes via the Generated PIN.

image

image

Our Goal is to access the Private Notes without interacting with the application,

image

2 Files has been logged while creating PIN and Viewing the Private Notes. Analyze the Source code in the JADX.

image

image

AccessControl3Activity

In our AccessControl3Activity, we store our PIN using a SharedPreferences object. This PIN is used for authentication.

When the correct PIN is entered, it launches the AccessControl3NotesActivity activity. This activity validates the entered PIN before showing the notes via a query to NotesProvider.CONTENT_URI.

The NotesProvider is a content provider that dumps all of the notes.

To dump the content provided by NotesProvider, you can use the following command in your terminal:

adb shell content query --uri content://jakhar.aseem.diva.provider.notesprovider/notes/