Let's look at another way that an open service that can be invoked by an intent might accidentally leak a capability that another app does not currently have permission to access through that intent-based service. So let's assume that we have a service that allows an app to download an arbitrary file by simply sending our app an intent, and you tell our app the URL of the file that you want to download. Our app will automatically go and download that file, store it to disk, and then return via intent, to whatever app called us, the location of the file that we downloaded. So we're creating a generic download service that we want to expose to other apps on the device via an intent.

Well, let's say that you're malware and you want to download a malicious payload to the device. So for example, you want to download some extra code that's going to be used to attack the device. Well, if you're malware and you have no permissions, you look a lot less suspicious to the user. So, you can have no permissions. And essentially, the user is going to think, well, it's unlikely this app is going to do anything very malicious, because it has no permissions. But in reality, because you've created this app that allows another app to send an intent to download something, we're going to send an intent and we're going to say, download attack payload. So we'll go and tell it this malicious payload that we want to get downloaded, it'll go off to the internet and get that payload for us and return the attack payload. And then it will return to this piece of malware, in its on result, the file where the attack payload is stored.

So in this case, what we've got is an app that's creating a service that's intended to be helpful to other apps on the device. But because it allows any app to send in an intent saying, go and download something for me, it blindly goes and accesses the internet, which is a capability that it has, downloads the payload for it, and then returns the payload to whoever sent it that intent. Again, we're bypassing Android's built-in permissions mechanism by having a piece of malware that's essentially manipulating another app into getting access to a capability on the device, in this case access to the internet, that it doesn't currently have.

So one of the things you have to be cognizant of is that, although you can create apps that can talk to other apps, when you talk to those other apps you talk to them, and take commands or other things from them, in a way that doesn't break the permission model on Android. If you're going to use something like internet or the camera, make sure that the way that you're using and accessing that thing, and the data you're returning to the application that's asking for access to it, isn't done in such a way that you're breaking the permissions or circumventing what the user intended that app to have access to. If the user didn't give a piece of malware any permissions, your app shouldn't be exposing additional capabilities or permissions to that malware by not checking the capabilities that it has when it begins interacting with it.
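One way to apply the check described above, as an added example that is not part of the original lecture: a hypothetical `DownloadActivity` that refuses to use its own internet access unless the calling package holds the INTERNET permission itself. The class name, the two extra names and the output file name are assumptions made for illustration.

```java
import android.Manifest;
import android.app.Activity;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.os.Bundle;
import java.io.File;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;

// Hypothetical exported activity: callers use startActivityForResult() and
// receive the location of the downloaded file in onActivityResult().
public class DownloadActivity extends Activity {
    static final String EXTRA_URL = "com.example.downloader.URL";   // assumed extra name
    static final String EXTRA_PATH = "com.example.downloader.PATH"; // assumed extra name

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        String caller = getCallingPackage(); // null unless we were started for a result
        String url = getIntent().getStringExtra(EXTRA_URL);
        // Act on the caller's behalf only if the caller could have done this itself.
        if (caller == null || url == null
                || getPackageManager().checkPermission(Manifest.permission.INTERNET, caller)
                        != PackageManager.PERMISSION_GRANTED) {
            setResult(RESULT_CANCELED);
            finish();
            return;
        }
        new Thread(() -> download(url)).start(); // network I/O off the main thread
    }

    private void download(String url) {
        File out = new File(getCacheDir(), "download.bin"); // assumed file name
        boolean ok = false;
        try (InputStream in = new URL(url).openStream();
             OutputStream os = new FileOutputStream(out)) {
            byte[] buf = new byte[8192];
            for (int n; (n = in.read(buf)) != -1; ) os.write(buf, 0, n);
            ok = true;
        } catch (Exception e) {
            out.delete(); // do not hand back a partial file
        }
        Intent data = ok ? new Intent().putExtra(EXTRA_PATH, out.getPath()) : null;
        int code = ok ? RESULT_OK : RESULT_CANCELED;
        runOnUiThread(() -> { setResult(code, data); finish(); });
    }
}
```

The same restriction can be declared in the manifest by setting `android:permission="android.permission.INTERNET"` on the exported component, so that the system rejects callers that lack the permission before the component runs.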