You’re almost there — sign up to start building in Notion today.
Sign up or login

Activities

An activity in Android is a component that provides a screen with which users can interact to do something, such as dial the phone, take a photo, or view a map. It is like a window or frame of a desktop application. XML files provide the design of the screen and JAVA files deal with all coding stuff like handles, what is happening, design files, etc. JAVA files and XML files make your activity complete.
For example, when you open an app on your phone, you are interacting with an activity. When you click on a button or type something in a text box, you are interacting with that activity.
Each activity is bundled in a Context and only the application user have access to these Context. Therefore malicious apps couldn’t access to other apps activity information because they don’t have access to their Context.
💡 Callout icon
We have some scenario that developer want to make an activity able to open by 3third party application. In this case he/she can make specific activity exportable.

What is Context?

Think of an activity as a screen in your Android app. Each activity needs some information about the app to function properly. Things like:
Resources (strings, images, etc)
Preferences
Databases
Permissions
And more...
The context provides this information to the activity. It's like a backpack that the activity carries around, full of everything it needs to do its work.
Without a context, an activity wouldn't have access to these resources and wouldn't work properly. So every activity has a context associated with it that contains this useful information about the app.
Imagine you are in a big city, and you want to go somewhere. You need some information about the city, such as the map, the traffic, the weather, the public transportation, etc. This information is like the context of the city. It helps you navigate and interact with the city.
Now, imagine you are in a specific place in the city, such as a museum, a park, a restaurant, etc. This place is like an activity in Android. It has its own appearance and functionality. You can see things, touch things, do things, etc. But you still need the context of the city to get there and leave there. You can also use the context of the city to access other services or resources that are not part of the place itself.
So, in summary, context is a way of accessing information and resources that are related to your app environment. Activity is a way of presenting a user interface and handling user interaction within your app. Activity is a subclass of context, which means it inherits all the methods and properties of context, but it also has its own features and behaviors.
Most commonly, the context is used to:
Access resources like strings or images: context.getString(R.string.hello)
Open preferences: context.getSharedPreferences()
Query databases: context.openOrCreateDatabase()
Check permissions: context.checkPermission()
And more...
So in short, the context provides the necessary information and resources for an Android activity to function. It's the glue that connects the activity to the overall app. Context is like a personal assists for Activity.

How to make an activity exportable?

In two way an activity cloud be exportable. The first one we call explicit export. To do this we can simply add
exported="true"
in manifest for activity.
The other way which usually developer dose not aware from it, is when we use
<intent-filter>
tag inside a
<activity>
tag. We call this method Implicit export.
💡 Callout icon
The rest 3 component are exportable like activities. Activities BroadcastReceiver Services ContentProvider → This component dose not have <intent-filter> tag

Intent-Filter tag

An intent-filter tag is used to specify the types of intents that an activity, service, or broadcast receiver can respond to. It declares the capabilities of its parent component: what an activity or service can do and what types of broadcasts a receiver can handle. An intent-filter tag can contain sub-elements such as <action>, <category>, and <data> that describe the action, category, and data of the intents that the component can handle. For example, an activity that can show a location on a map can have an intent-filter tag like this:
<intent-filter> <action android:name="android.intent.action.VIEW" /> <category android:name="android.intent.category.DEFAULT" /> <data android:scheme="geo" /> </intent-filter>
This means that the activity can handle intents with the action
android.intent.action.VIEW
, the category
android.intent.category.DEFAULT
, and the data scheme
geo
.
An intent-filter tag is supposed to be added between the opening and closing tags of a receiver, service or activity in the app's manifest file (AndroidManifest.xml). It signifies the "implicit intents" that the app can handle. In your app menu, where you have all your apps listed, Android looks for the intent
Main
and
Launcher
. For example, an activity that can be launched from the app menu can have an intent-filter tag like this:
<intent-filter> <action android:name="android.intent.action.MAIN" /> <category android:name="android.intent.category.LAUNCHER" /> </intent-filter>
This means that the activity can handle intents with the action
android.intent.action.MAIN
and the category
android.intent.category.LAUNCHER
.

Activity Lifecycle

Each activity lifecycle has six callbacks that the system invokes when the activity enters a new state. They are:
onCreate(): This is called when the activity is first created. You can use this method to initialize your UI components, set up data sources, etc.
onStart(): This is called when the activity becomes visible to the user. You can use this method to register listeners, bind to services, etc.
onResume(): This is called when the activity starts interacting with the user. You can use this method to resume animations, start playing media, etc.
onPause(): This is called when the activity is partially obscured by another activity. You can use this method to pause animations, stop playing media, release resources, etc.
onStop(): This is called when the activity is no longer visible to the user. You can use this method to unregister listeners, unbind from services, etc.
onDestroy(): This is called when the activity is destroyed by the system or by calling finish(). You can use this method to perform final cleanup, such as releasing resources that are not handled by the garbage collector.

Playing with Activities via ADB

There is a command line tool name
am
(Activity Manager) in android terminal. You can use this tool to manage apks activity. For example opening them, sending data to theme, open an activity with specific user ID, and etc.
To start a activity:
am start -n com.mwr.example.sieve/.PWList
To start a activity programmatically:
// Set the package name of the third-party app String packageName = "com.mwr.example.sieve"; // Set the activity name of the third-party app String activityName = "com.mwr.example.sieve.PWList"; // Create an Intent object with the package name and activity name Intent intent = new Intent(); intent.setComponent(new ComponentName(packageName, activityName)); // Start the activity startActivity(intent);

Tasks

Exploiting Sieve password manager