I had a look at the diff where the broadAnywhere threat is fixed, and it's basically just
mPendingIntent = PendingIntent.getBroadcast(this, 0, new Intent(), 0); replaced with:
Intent identityIntent = new Intent(); identityIntent.setComponent(new ComponentName(SHOULD_NOT_RESOLVE, SHOULD_NOT_RESOLVE)); identityIntent.setAction(SHOULD_NOT_RESOLVE); identityIntent.addCategory(SHOULD_NOT_RESOLVE); mPendingIntent = PendingIntent.getBroadcast(this, 0, identityIntent, 0);
I installed an antivirus on my mobile, and it said it is now defending my mobile against the broadAnywhere threat.
But since applications are sandboxed in Android and the
identityIntent is going to be passed from one application to another, how on earth is an antivirus going to be able to detect what
identityIntent is being passed between applications? Will an antivirus really be able to defend/protect a mobile phone from the broadAnywhere threat?