isValidFragment Android API 19

Try this... this is how we check validity of fragment.

    // Accept only the one fragment this activity is meant to host.
    @Override
    protected boolean isValidFragment(String fragmentName) {
        return StockPreferenceFragment.class.getName().equals(fragmentName);
    }

When does Android's isValidFragment() from PreferenceActivity get called?

Seems to be a bug or a 4.4 security restriction. Workaround is to use anything below 19 that is still compatible with PreferenceActivity, and bite the bullet for compiling with an older target.

I am using the headers "pattern" for the PreferenceActivity (overriding public void onBuildHeaders(List<Header> target)), and I assume the OP is too, most likely being the place where stuff happens and crashes.

In my case, I have narrowed this exception to <uses-sdk android:targetSdkVersion="19" />, and anything in [14-18] build targets will compile and run without issues.

Suggestion (for Eclipse): I never messed directly with such stuff, but I'm assuming if you compile your PreferenceActivity (and maybe fragments) on a different project, targeting 18 or under (pun not intended :O ), and then using that project as a library for your main project targeting KitKat (19), perhaps you can avoid the crash scenario at run-time while still using the features you need from the latest build (as long as those features aren't in the build-18-bound PreferenceActivity). If this does not succeed, try with that project in jar form (pre-compiled) instead of using project as library.

UPDATE: also take note of Camille Sévigny's answer. If the issue has anything to do with that other question (50% chance IMHO), all apps targeting API 18 are vulnerable to fragment injection attacks (see his linked question).

Why would a fragment class not be valid?

Why?

PreferenceActivity had its security compromised and isValidFragment(String name) was provided as a response.

More specifically, from the vulnerability disclosure:

"Any app which implements and exports an activity that extends a PreferenceActivity class can be subverted to load an arbitrary class by exploiting the dynamic fragment loading process."

The security issue meant that a rogue application could instantiate your PreferenceFragments and they would get their extras from the actual parent, leaking data.

As a patch, isValidFragment(String name) was created so you are forced to either provide a whitelist of "safe" fragments or, if you always return true, acknowledge the risk of your application being compromised.

It is only needed starting with KitKat because that is when the patch was introduced.

How could a fragment class not be valid?

Having a name alien to your app.

What could go wrong?

Somebody could attack your app through the method described in this pdf linked by @Sree in the comments.
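The whitelist approach described in the answer above, as an added example that is not part of the original answers. The names SettingsActivity, GeneralPrefsFragment and SyncPrefsFragment and the R.xml.* resources are hypothetical, and R is assumed to be the app's generated resource class in the same package.

```java
import android.os.Bundle;
import android.preference.PreferenceActivity;
import android.preference.PreferenceFragment;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

// Hypothetical settings screen; build against API level 19 or higher so that
// @Override on isValidFragment() resolves.
public class SettingsActivity extends PreferenceActivity {

    // The only fragments this activity will host, built from class literals
    // rather than typed strings so the list stays in step with the classes.
    private static final Set<String> ALLOWED_FRAGMENTS =
            Collections.unmodifiableSet(new HashSet<String>(Arrays.asList(
                    GeneralPrefsFragment.class.getName(),
                    SyncPrefsFragment.class.getName())));

    @Override
    public void onBuildHeaders(List<Header> target) {
        loadHeadersFromResource(R.xml.pref_headers, target); // hypothetical resource
    }

    // The framework calls this before instantiating a fragment by name, which
    // includes a name passed in through the launching Intent's extras.
    @Override
    protected boolean isValidFragment(String fragmentName) {
        // Weak form: "return true;" accepts whatever class name the caller sends.
        return ALLOWED_FRAGMENTS.contains(fragmentName);
    }

    public static class GeneralPrefsFragment extends PreferenceFragment {
        @Override
        public void onCreate(Bundle savedInstanceState) {
            super.onCreate(savedInstanceState);
            addPreferencesFromResource(R.xml.pref_general); // hypothetical resource
        }
    }

    public static class SyncPrefsFragment extends PreferenceFragment {
        @Override
        public void onCreate(Bundle savedInstanceState) {
            super.onCreate(savedInstanceState);
            addPreferencesFromResource(R.xml.pref_sync); // hypothetical resource
        }
    }
}
```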

isValidFragment in PreferenceActivity Method does not override method of its superclass

Set your build target (e.g., Project > Properties > Android in Eclipse, compileSdkVersion in build.gradle) to API Level 19 or higher. My guess is that yours is set to something lower than that.

PreferenceActivity with PreferenceFragment fails on device with proguard okay without proguard

I would use -keep class your.package.goes.here.** { *; }, to make sure ProGuard does not get rid of any of your own classes, including your fragments referenced by layouts or other resources instead of code.

Note that I am no ProGuard expert, and so this may be "swatting a fly with a Buick", but it works for me, including my PreferenceFragments.

When I click on header, no preferences show up

Check if you didn't get:

    java.lang.RuntimeException: Subclasses of PreferenceActivity must override isValidFragment(String) to verify that the Fragment class is valid! XXX has not checked if fragment YYY is valid.

http://securityintelligence.com/new-vulnerability-android-framework-fragment-injection#.VRGSv1V_NBc