Any app can launch a WebAPK with the splashscreen of their choosing
Issue description

If a WebAPK for https://www.google.com/maps is installed:
- Any app can launch the installed https://www.google.com/maps WebAPK by firing an intent

Because the splash screen strings and images are extracted from the launch intent:
- It is possible for an "evil app" to launch the https://www.google.com/maps WebAPK with a splash screen which says "Hacked"
Oct 1 2016
Oct 4 2016
Impact seems limited from a security perspective, but it would be good to fix to reduce user confusion.
Oct 9 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/f16aacf71eddfb0d9be72a22b53754640b2d42f4

commit f16aacf71eddfb0d9be72a22b53754640b2d42f4
Author: pkotwicz <pkotwicz@chromium.org>
Date: Sun Oct 09 00:55:55 2016

Move Webapp launch code to WebappLauncherActivity#launch() to enable early returns

This CL moves most of the logic in WebappLauncherActivity#onCreate() to WebappLauncherActivity#launch() in order to enable WebappLauncherActivity#launch() to early return. This is in preparation to fixing http://crbug.com/651640 which will add more code paths to WebappLauncherActivity#launch()

BUG= 651640
TEST=None
Review-Url: https://codereview.chromium.org/2385413002
Cr-Commit-Position: refs/heads/master@{#424088}

[modify] https://crrev.com/f16aacf71eddfb0d9be72a22b53754640b2d42f4/chrome/android/java/src/org/chromium/chrome/browser/webapps/WebappLauncherActivity.java
Oct 13 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/0b7c2979c1f64fbfb6ce5967a1424890b86579f1

commit 0b7c2979c1f64fbfb6ce5967a1424890b86579f1
Author: pkotwicz <pkotwicz@chromium.org>
Date: Thu Oct 13 18:20:09 2016

Read the bare minimum of data from the WebAPK launch intent.

The launch intent for WebappLauncherActivity may be sent by any app, not necessarily Chrome or a WebAPK. For WebAPKs (unlike non-WebAPK web apps) the id is predictable. For WebAPKs we verify that the package name in the intent matches an installed WebAPK and that the start URL falls within the WebAPK's scope. We do not validate any of the other data in the launch intent. Prior to this CL, by customizing the launch intent a third party APK was able to launch a WebAPK with an arbitrary name and icon on the splash screen.

This CL reduces the amount of data we extract from the WebappLauncherActivity launch intent to the minimum possible. We still read from the launch intent the following data:
- WebAPK package name
- URL to navigate the WebAPK to. We cannot use the WebAPK's start URL because the WebAPK can be launched at any URL within the WebAPK scope via deep linking. We do verify that the URL in the intent is within the WebAPK scope.
- The reason the WebAPK got launched (e.g. launched from a notification). This is used for UMA only.

BUG= 651640
Review-Url: https://codereview.chromium.org/2409483002
Cr-Commit-Position: refs/heads/master@{#425093}

[modify] https://crrev.com/0b7c2979c1f64fbfb6ce5967a1424890b86579f1/chrome/android/java/src/org/chromium/chrome/browser/webapps/ManifestUpgradeDetector.java
[add] https://crrev.com/0b7c2979c1f64fbfb6ce5967a1424890b86579f1/chrome/android/java/src/org/chromium/chrome/browser/webapps/WebApkMetaDataUtils.java
[modify] https://crrev.com/0b7c2979c1f64fbfb6ce5967a1424890b86579f1/chrome/android/java/src/org/chromium/chrome/browser/webapps/WebappInfo.java
[modify] https://crrev.com/0b7c2979c1f64fbfb6ce5967a1424890b86579f1/chrome/android/java/src/org/chromium/chrome/browser/webapps/WebappLauncherActivity.java
[modify] https://crrev.com/0b7c2979c1f64fbfb6ce5967a1424890b86579f1/chrome/android/java_sources.gni
[modify] https://crrev.com/0b7c2979c1f64fbfb6ce5967a1424890b86579f1/chrome/android/javatests/src/org/chromium/chrome/browser/webapps/WebappInfoTest.java
[add] https://crrev.com/0b7c2979c1f64fbfb6ce5967a1424890b86579f1/chrome/android/junit/src/org/chromium/chrome/browser/webapps/WebApkMetaDataUtilsTest.java
[modify] https://crrev.com/0b7c2979c1f64fbfb6ce5967a1424890b86579f1/chrome/android/webapk/libs/common/src/org/chromium/webapk/lib/common/WebApkConstants.java
[modify] https://crrev.com/0b7c2979c1f64fbfb6ce5967a1424890b86579f1/chrome/android/webapk/libs/common/src/org/chromium/webapk/lib/common/WebApkMetaDataKeys.java
[modify] https://crrev.com/0b7c2979c1f64fbfb6ce5967a1424890b86579f1/chrome/android/webapk/libs/runtime_library/BUILD.gn
[delete] https://crrev.com/741effdd4161d13f86ed8e73c2e16f9628e7466d/chrome/android/webapk/libs/runtime_library/src/org/chromium/webapk/lib/runtime_library/HostBrowserLauncher.java
[modify] https://crrev.com/0b7c2979c1f64fbfb6ce5967a1424890b86579f1/chrome/android/webapk/shell_apk/AndroidManifest.xml
[modify] https://crrev.com/0b7c2979c1f64fbfb6ce5967a1424890b86579f1/chrome/android/webapk/shell_apk/src/org/chromium/webapk/shell_apk/MainActivity.java
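
The validation described in the commit message above, modelled as an added example in plain Java (not Chromium's code, and not part of the original thread). The extras keys, the package name and the registry are constructed stand-ins for the Android intent and package-manager lookups, and the scope test is a simplified same-origin plus path-prefix check.

```java
import java.net.URI;
import java.util.Map;
import java.util.Optional;

public class WebApkLaunchCheck {
    // Trusted data, read from the installed WebAPK itself (never from the intent).
    record WebApkMetaData(String name, String scope) {}
    record Launch(String splashName, String url) {}

    // Constructed registry standing in for the package-manager lookup.
    static final Map<String, WebApkMetaData> INSTALLED = Map.of(
        "org.example.webapk.maps", new WebApkMetaData("Maps", "https://www.google.com/maps"));

    static int port(URI u) {
        if (u.getPort() != -1) return u.getPort();
        return "https".equalsIgnoreCase(u.getScheme()) ? 443 : 80;
    }

    // Simplified scope test: same scheme, host and port, and a path under the scope path.
    static boolean inScope(String url, String scope) {
        try {
            URI u = URI.create(url).normalize(), s = URI.create(scope).normalize();
            if (u.getScheme() == null || u.getHost() == null || s.getHost() == null) return false;
            return u.getScheme().equalsIgnoreCase(s.getScheme())
                && u.getHost().equalsIgnoreCase(s.getHost())
                && port(u) == port(s)
                && u.getPath().startsWith(s.getPath());
        } catch (IllegalArgumentException e) {
            return false; // unparsable URL: refuse the launch
        }
    }

    // Reads only the package name and URL from the untrusted extras; any other key is ignored.
    static Optional<Launch> resolve(Map<String, String> extras) {
        String pkg = extras.get("package"), url = extras.get("url"); // hypothetical keys
        if (pkg == null || url == null) return Optional.empty();
        WebApkMetaData meta = INSTALLED.get(pkg);
        if (meta == null || !inScope(url, meta.scope())) return Optional.empty();
        return Optional.of(new Launch(meta.name(), url)); // splash name from metadata
    }

    public static void main(String[] args) {
        // Constructed intents: a spoofed splash name, then an out-of-scope URL.
        System.out.println(resolve(Map.of("package", "org.example.webapk.maps",
            "url", "https://www.google.com/maps/place", "name", "Hacked")));
        System.out.println(resolve(Map.of("package", "org.example.webapk.maps",
            "url", "https://www.google.com.evil.example/maps")));
    }
}
```

The first launch resolves with the splash name taken from the installed metadata rather than the caller-supplied "name" extra; the second is refused because the host differs from the scope's host.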
Oct 29 2016
Test steps for test team

1) Uninstall any currently installed "test WebAPKs" (APKs with yellow hexagon)
2) Enable WebAPKs by following steps in https://docs.google.com/a/google.com/document/d/1gHZ1YXO7QRZO6hgt11uqItNpl5WrZBJYxPYAnuJphXU/edit?usp=sharing
3) "Force Stop" Chrome
4) In Chrome for Android, navigate to https://goo.gl/36GSsH
5) Select "Add to Home screen" from the app menu. An infobar will show briefly. Press the "Install" button when asked to install the "Simple Test" APK
6) Run the attached Python script from the command line
   send_intent_to_webapk.py [chrome package name]
   [chrome package name] is one of com.chrome.dev, com.chrome.beta, com.android.chrome
   Example: intent_to_webapk.py com.chrome.dev
7) Running the script should launch the WebAPK. Check that the splash screen background is green (not red)
Comment 1 by pkotw...@chromium.org, Sep 30 2016