Externally Reported Low Severity Security Vulnerability: SMS Resend Vulnerability in Android
Bug 17671795
Require SEND_SMS permission so apps without it won't be able to trick
the messaging app into sending messages.
Change-Id: Ibb1bc8ac33cdc2df956b79ba3dd16b37c44b955d
diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 13a84d8..ea7429b 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -235,7 +235,8 @@
</receiver>
<!-- Catch-all receiver for broadcasts that don't have associated security -->
- <receiver android:name=".transaction.SmsReceiver">
+ <receiver android:name=".transaction.SmsReceiver"
+ android:permission="android.permission.SEND_SMS">
<intent-filter>
<action android:name="android.intent.action.BOOT_COMPLETED" />
</intent-filter>