Ionic View is injecting malicious code?

Hello,

I have an app I built and when I install the APK directly to the device it runs fine.
Recently I wanted to show it to a client so I had them install Ionic View and made the app available to them.

They ran it, but none of the plugins seemed to work. This was very strange to me because I only use the ngCordova versions of Barcode Scanner and Camera.

So I pulled up adb logcat and my jaw dropped when I saw this.
If I’m reading it right then Ionic View has been compromised and is injecting malicious code.
I’ll post the log so you can read it for yourself.

D/CordovaActivity( 7878): Resuming the App
E/CordovaBridge( 7878): Bridge access attempt with wrong secret token, possibly from malicious code. Disabling exec() bridge!
W/System.err( 7878): java.lang.IllegalAccessException
W/System.err( 7878): at org.apache.cordova.CordovaBridge.verifySecret(CordovaBridge.java:104)
W/System.err( 7878): at org.apache.cordova.CordovaBridge.jsRetrieveJsMessages(CordovaBridge.java:85)
W/System.err( 7878): at org.apache.cordova.ExposedJsApi.retrieveJsMessages(ExposedJsApi.java:50)
W/System.err( 7878): at com.android.org.chromium.base.SystemMessageHandler.nativeDoRunLoopOnce(Native Method)
W/System.err( 7878): at com.android.org.chromium.base.SystemMessageHandler.handleMessage(SystemMessageHandler.java:53)
W/System.err( 7878): at android.os.Handler.dispatchMessage(Handler.java:102)
W/System.err( 7878): at android.os.Looper.loop(Looper.java:135)
W/System.err( 7878): at android.os.HandlerThread.run(HandlerThread.java:61)
I/OpenGLRenderer( 7878): Initialized EGL, version 1.4
E/CordovaBridge( 7878): Bridge access attempt with wrong secret token, possibly from malicious code. Disabling exec() bridge!
W/System.err( 7878): java.lang.IllegalAccessException
W/System.err( 7878): at org.apache.cordova.CordovaBridge.verifySecret(CordovaBridge.java:104)
W/System.err( 7878): at org.apache.cordova.CordovaBridge.jsRetrieveJsMessages(CordovaBridge.java:85)
W/System.err( 7878): at org.apache.cordova.ExposedJsApi.retrieveJsMessages(ExposedJsApi.java:50)
W/System.err( 7878): at com.android.org.chromium.base.SystemMessageHandler.nativeDoRunLoopOnce(Native Method)
W/System.err( 7878): at com.android.org.chromium.base.SystemMessageHandler.handleMessage(SystemMessageHandler.java:53)
W/System.err( 7878): at android.os.Handler.dispatchMessage(Handler.java:102)
W/System.err( 7878): at android.os.Looper.loop(Looper.java:135)
W/System.err( 7878): at android.os.HandlerThread.run(HandlerThread.java:61)
D/CordovaLog( 7878): file:///android_asset/www/cordova.js: Line 962 : Uncaught Error: Java exception was raised during method invocation
I/chromium( 7878): [INFO:CONSOLE(962)] "Uncaught Error: Java exception was raised during method invocation", source: file:///android_asset/www/cordova.js (962)
D/CordovaLog( 7878): file:///android_asset/www/cordova.js: Line 962 : Uncaught Error: Java exception was raised during method invocation
I/chromium( 7878): [INFO:CONSOLE(962)] "Uncaught Error: Java exception was raised during method invocation", source: file:///android_asset/www/cordova.js (962)
E/CordovaBridge( 7878): Bridge access attempt with wrong secret token, possibly from malicious code. Disabling exec() bridge!
W/System.err( 7878): java.lang.IllegalAccessException
W/System.err( 7878): at org.apache.cordova.CordovaBridge.verifySecret(CordovaBridge.java:104)
W/System.err( 7878): at org.apache.cordova.CordovaBridge.jsRetrieveJsMessages(CordovaBridge.java:85)
W/System.err( 7878): at org.apache.cordova.ExposedJsApi.retrieveJsMessages(ExposedJsApi.java:50)
W/System.err( 7878): at com.android.org.chromium.base.SystemMessageHandler.nativeDoRunLoopOnce(Native Method)
W/System.err( 7878): at com.android.org.chromium.base.SystemMessageHandler.handleMessage(SystemMessageHandler.java:53)
W/System.err( 7878): at android.os.Handler.dispatchMessage(Handler.java:102)
W/System.err( 7878): at android.os.Looper.loop(Looper.java:135)
W/System.err( 7878): at android.os.HandlerThread.run(HandlerThread.java:61)
D/CordovaLog( 7878): file:///android_asset/www/cordova.js: Line 962 : Uncaught Error: Java exception was raised during method invocation
I/chromium( 7878): [INFO:CONSOLE(962)] "Uncaught Error: Java exception was raised during method invocation", source: file:///android_asset/www/cordova.js (962)

Nothing like this appears in the APK version, so it’s something that Ionic View is doing. Removing Ionic View and installing directly on the client’s device did in fact resolve the problem.

Someone should look into this right away.

Thanks!

I have the same problem. I installed Ionic Analytics according to this guide: http://docs.ionic.io/v1.0/docs/analytics-from-scratch. After that, the app stopped working in Ionic View. It works when I build an APK and run the app directly.

Logcat gives the following information:

W/System.err( 5848): java.io.FileNotFoundException: path does not exist
W/System.err( 5848): at org.apache.cordova.file.FileUtils.getFile(FileUtils.java:840)
W/System.err( 5848): at org.apache.cordova.file.FileUtils.access$6(FileUtils.java:808)
W/System.err( 5848): at org.apache.cordova.file.FileUtils$17.run(FileUtils.java:249)
W/System.err( 5848): at org.apache.cordova.file.FileUtils$23.run(FileUtils.java:325)
W/System.err( 5848): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
W/System.err( 5848): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
W/System.err( 5848): at java.lang.Thread.run(Thread.java:818)

…and a bit later:

E/CordovaBridge( 5848): Bridge access attempt with wrong secret token, possibly from malicious code. Disabling exec() bridge!
W/System.err( 5848): java.lang.IllegalAccessException
W/System.err( 5848): at org.apache.cordova.CordovaBridge.verifySecret(CordovaBridge.java:104)
W/System.err( 5848): at org.apache.cordova.CordovaBridge.jsRetrieveJsMessages(CordovaBridge.java:85)
W/System.err( 5848): at org.apache.cordova.ExposedJsApi.retrieveJsMessages(ExposedJsApi.java:50)
W/System.err( 5848): at org.chromium.base.SystemMessageHandler.nativeDoRunLoopOnce(Native Method)
W/System.err( 5848): at org.chromium.base.SystemMessageHandler.handleMessage(SystemMessageHandler.java:37)
W/System.err( 5848): at android.os.Handler.dispatchMessage(Handler.java:102)
W/System.err( 5848): at android.os.Looper.loop(Looper.java:145)
W/System.err( 5848): at android.os.HandlerThread.run(HandlerThread.java:61)
D/CordovaLog( 5848): file:///android_asset/www/cordova.js: Line 962 : Uncaught Error: Java exception was raised during method invocation
I/chromium( 5848): [INFO:CONSOLE(962)] "Uncaught Error: Java exception was raised during method invocation", source: file:///android_asset/www/cordova.js (962)

and one more time the same error, but with a different line number:

D/CordovaLog( 5848): file:///android_asset/www/cordova.js: Line 934 : Uncaught Error: Java exception was raised during method invocation
I/chromium( 5848): [INFO:CONSOLE(934)] "Uncaught Error: Java exception was raised during method invocation", source: file:///android_asset/www/cordova.js (934)

and finally:

D/CordovaLog( 5848): file:///android_asset/www/cordova.js: Line 1419 : Uncaught Error: Module org.apache.cordova.device.device does not exist.
I/chromium( 5848): [INFO:CONSOLE(1419)] "Uncaught Error: Module org.apache.cordova.device.device does not exist.", source: file:///android_asset/www/cordova.js (1419)

D/CordovaLog( 5848): file:///android_asset/www/cordova.js: Line 1186 : deviceready has not fired after 5 seconds.
I/chromium( 5848): [INFO:CONSOLE(1186)] "deviceready has not fired after 5 seconds.", source: file:///android_asset/www/cordova.js (1186)

I removed Ionic Analytics for now, but would love to try this service!

This is the commit that broke the app for Ionic View:

Any ideas?
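
A triage sketch for logs like the ones in this thread, added here as an example; it is not part of either post and is not Cordova or Ionic code. It splits logcat brief-format entries (including several pasted onto one line) and reports, per PID, how many times CordovaBridge rejected the token and which of the thread's follow-on errors CordovaLog recorded afterwards. The sample input is constructed from lines quoted above; PID 4242 is made up for contrast.

```python
import re
from collections import defaultdict

# logcat "brief" format used in the thread: <level>/<tag>( <pid>): <message>
ENTRY = re.compile(r"(?<!\S)([VDIWEF])/([\w.$]+)\(\s*(\d+)\): ")
BRIDGE_REJECT = "Bridge access attempt with wrong secret token"
# Follow-on errors quoted in the posts
FOLLOW_ON = (
    "Java exception was raised during method invocation",
    "deviceready has not fired",
    "does not exist",
)

def split_entries(text):
    """Return (level, tag, pid, message) tuples, even when several
    entries were pasted onto a single line."""
    marks = list(ENTRY.finditer(text))
    entries = []
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        entries.append((m.group(1), m.group(2), int(m.group(3)),
                        text[m.end():end].strip()))
    return entries

def triage(text):
    """Per PID: number of bridge rejections, and which follow-on errors
    were logged by CordovaLog after the first rejection."""
    report = defaultdict(lambda: {"bridge_rejections": 0, "follow_on": []})
    for _level, tag, pid, msg in split_entries(text):
        entry = report[pid]
        if tag == "CordovaBridge" and BRIDGE_REJECT in msg:
            entry["bridge_rejections"] += 1
        elif tag == "CordovaLog" and entry["bridge_rejections"]:
            entry["follow_on"] += [n for n in FOLLOW_ON
                                   if n in msg and n not in entry["follow_on"]]
    return dict(report)

# Constructed sample: lines from the thread (PID 7878, first line pasted
# together as in the first post) plus a made-up PID 4242 for contrast.
SAMPLE = (
    "D/CordovaActivity( 7878): Resuming the App E/CordovaBridge( 7878): Bridge access attempt "
    "with wrong secret token, possibly from malicious code. Disabling exec() bridge! "
    "W/System.err( 7878): java.lang.IllegalAccessException\n"
    "D/CordovaLog( 7878): file:///android_asset/www/cordova.js: Line 962 : Uncaught Error: "
    "Java exception was raised during method invocation\n"
    "D/CordovaLog( 4242): file:///android_asset/www/cordova.js: Line 1186 : "
    "deviceready has not fired after 5 seconds.\n"
)
```

Feed it the saved output of `adb logcat -v brief`; a PID with follow-on errors but zero bridge rejections points at a different failure than the one reported in this thread.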