I have a general question.
This pull request: #850
explicitly disables the export of the sample FirebaseMessaging Service, i.e.
<service android:name=".java.MyFirebaseMessagingService" android:exported="false">
because, and it says, "Set FirebaseMessagingServices to exported="false" to explicitly
prevent other apps from being able to send messages to it."
This is a good practice, but other documentation (see e.g. https://stackoverflow.com/a/43991861) notes that runtime checks (in the FCM code) prevent other applications from calling into this Service arbitrarily.
Experimentally, this seems to be the case:
Create some app that extends the FirebaseMessaging class, and notes the following block in its manifest
<service android:name=".java.MyFirebaseMessagingService">
    <intent-filter>
        <action android:name="com.google.firebase.MESSAGING_EVENT" />
    </intent-filter>
</service>
which was the default before the noted PR.
Set a breakpoint on the extended class's onMessageReceived method, in e.g. Android Studio
Run the application under Debug, foreground it, and issue the following ADB command (with suitably replaced options) to start the Service with an intent
adb shell am startservice -n com.test.android.app/com.foo.java.MyFirebaseMessagingService -a com.google.firebase.MESSAGING_EVENT
Notice that your breakpoint is not hit, even though the Intent was sent successfully
This was repeated with various intent extras, as well. And with runtime method hooking of onMessageReceived with https://www.frida.re/, to log if it is called.
So, just wondering if someone could clear up this ambiguity-- is it actually a risk to export said service (i.e. com.google.firebase.messaging.FirebaseMessagingService and classes that extend it) without permissions (as the PR implies), or is it not (as the noted documentation states)?
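A manifest check for the two declarations compared in this issue, as an added example that is not part of the original post or the Firebase samples: it lists every service that filters on com.google.firebase.MESSAGING_EVENT and reports whether it is exported explicitly, exported only through the intent-filter default, or not exported. The sample manifest, the `.kotlin` and `.SyncService` entries and the function names are constructed for illustration; the result is a manifest-level view and says nothing about runtime checks inside the FCM code.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
FCM_ACTION = "com.google.firebase.MESSAGING_EVENT"

# Constructed sample: pre-PR declaration, post-PR declaration, unrelated service.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.test.android.app">
  <application>
    <service android:name=".java.MyFirebaseMessagingService">
      <intent-filter>
        <action android:name="com.google.firebase.MESSAGING_EVENT" />
      </intent-filter>
    </service>
    <service android:name=".kotlin.MyFirebaseMessagingService" android:exported="false">
      <intent-filter>
        <action android:name="com.google.firebase.MESSAGING_EVENT" />
      </intent-filter>
    </service>
    <service android:name=".SyncService" />
  </application>
</manifest>"""

def _attr(elem, name):
    return elem.get("{%s}%s" % (ANDROID_NS, name))

def audit_fcm_services(manifest_xml):
    """Return export status for every service that filters on MESSAGING_EVENT."""
    root = ET.fromstring(manifest_xml.strip())
    findings = []
    for svc in root.iter("service"):
        actions = {_attr(a, "name") for a in svc.findall("intent-filter/action")}
        if FCM_ACTION not in actions:
            continue
        exported = _attr(svc, "exported")
        if exported is None:
            # No attribute but an intent-filter present: the platform default is
            # exported (apps targeting API 31+ must declare the attribute).
            status = "exported-by-default"
        else:
            status = "exported" if exported.lower() == "true" else "not-exported"
        findings.append({"name": _attr(svc, "name"), "status": status,
                         "permission": _attr(svc, "permission")})
    return findings

def reachable_without_permission(findings):
    """Names of services other apps can address at the manifest level."""
    return [f["name"] for f in findings
            if f["status"] != "not-exported" and f["permission"] is None]

print(reachable_without_permission(audit_fcm_services(SAMPLE_MANIFEST)))
```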