This is a write-up for CVE-2020-15647, explaining how web pages can steal files from your Android device, including but not limited to cookies from any visited website.

Introduction

In mid-2020, I started checking Android browsers for multiple types of vulnerabilities; while reviewing v68.9.0 of Firefox for Android, I noticed it displaying strange behaviour when browsing content:// URIs.

For context, Content URIs in Android identify data in a content provider; they can represent multiple forms of information, such as files or database information.

Most browsers support the parsing and processing of both file:// and content:// URI schemes. If you try…


Brave for Android had a vulnerability that allowed a malicious web page to steal your cookies remotely. The vulnerability was reported through HackerOne and took 5 months to fix.

Introduction

During my research with Android applications, I found a few vulnerabilities in some of the most used browsers. When researching Brave, I noticed that it was using a Content Provider that was exposing all files from the public directory as well as its private files.

To deal with files, most Android applications use a File Provider. This allows files to be accessed with a content:// schemed URI. To configure a File…

Pedro Oliveira

Android Developer and Security Enthusiast
