An insecure method of runtime permission check when accessing resources or URI in the context of inter-process communication (IPC).

The checkCallingOrSelfPermission() and checkCallingOrSelfUriPermission() methods return PERMISSION_GRANTED if either the caller or the called application has the required permission. Improper use of these methods can lead to privilege escalation (confused deputy attack).

Malicious applications can use the features of these methods and, in case of their misuse, access certain resources or the URI without the required permission, if the vulnerable application that provides an interface to its resources through IPC has the required permission.

Android : File with universal read or write access

DerScanner Severity Score

Do you want to fix Android : File with universal read or write access in your application?

See also