SecurityBoat
Android Security
Made by @SecurityBoat
0 0
3
21
1: Which Android component is most commonly abused to trigger unintended execution in another app?
10s
Activity
BroadcastReceiver
Service
ContentProvider
2: What is the primary risk of exporting an Activity or Service without proper protection?
10s
Increased battery drain
Possibility of Intent interception
Unauthorized access leading to privilege escalation
Slower performance
3: Which function classification is most likely considered a sink in Android RCE taint analysis?
10s
Log.d()
SharedPreferences.getString()
Runtime.getRuntime().exec()
Toast.makeText()
4: Which mechanism enforces sandboxing between Android applications?
10s
ProGuard
SELinux + UID isolation
Encrypted SharedPreferences
Manifest permissions
5: Which of the following is a common source of tainted user-controlled data?
10s
Intent extras
Hardcoded strings
Internal-only method calls
R.java constants
6: Why is Semgrep often insufficient for deep Android RCE detection?
10s
It cannot scan Java code
It ignores AndroidManifests
It cannot perform interprocedural taint tracking across files/components
It is too slow
7: What is the recommended protection to prevent other apps from sending Intents to a BroadcastReceiver?
10s
Add android:exported="true"
Use implicit Intents
Add signature-level permissions
Disable the component
8: Which API is most dangerous when invoked with user-controlled input?
10s
Base64.decode()
Class.forName()
Intent.setAction()
getApplicationContext()
9: What is the primary issue with calling loadLibrary() using attacker-controlled input?
10s
It slows the app
It may load outdated libraries
It allows loading arbitrary native code
It requires root
10: Which tool offers the deepest coverage for Android inter-component taint tracking?
10s