Posted by Wang,Tao(Scloud) on Nov 26
INTRODUCTION
==================================
In Android <5.0 (and maybe >= 4.0), Settings application leaks Pendingintent with a blank base intent (neither the
component nor the action is explicitly set) to third party application, bad app can use this to broadcast intent with
the same permissions and identity of the Settings application, which runs as SYSTEM uid. Thus bad app can broadcast
sensitive intent with the permission of…