Apparently all Android apps have a file called the AndroidManifest.xml, and this contains information the system has to have before it can run any of the app’s code. So it’s a pretty important file. Unfortunately, if that file is malformed, it can cause big problems for the device that’s running it.
Earlier this month, TrendMicro reported on the issue after coming across a vulnerability related to the file that may cause devices to experience continuous cycles of rebooting, which would (as you might imagine) make the device impossible to use. Mobile security engineer Simon Huang wrote:
The vulnerability can cause the OS to crash through two different ways. The first involves very long strings and memory allocation. Some apps may contain huge strings in their .XML files, using document type definition (DTD) technology. When this string reference is assigned to some of the tags in AndroidManifest.xml (e.g., permission name, label, name of activity), the Package Parser will require memory to parse this .XML file. However, when it requires more memory than is available, the PackageParser will crash. This triggers a chain reaction wherein all the running services stops and the whole system consequently reboots once.
The second way involves .APK files and a specific intent-filter, which declares what a service or activity can do. An icon will be created in the launcher if the manifest file contains an activity definition with this specific intent-filter…
Check out TrendMicro’s post for additional details. The company says it notified Google about the issue, so hopefully it will be taken care of soon if it hasn’t been already.
Image via Google