CVE-2020-25204

Name of the Vulnerable Software and Affected Versions God Kings application version 0.60.1

Description The issue concerns the exposure of a broadcast receiver in the God Kings application, specifically com.innogames.core.frontend.notifications.receivers.LocalNotificationBroadcastReceiver, which is intended to display in-game push notifications. However, the application lacks an authorization schema for this broadcast receiver, allowing any application to send fully customizable in-game push notifications. This could potentially be exploited for spoofing in-game notifications.

Recommendations For God Kings application version 0.60.1, consider restricting access to the com.innogames.core.frontend.notifications.receivers.LocalNotificationBroadcastReceiver broadcast receiver to prevent unauthorized applications from sending in-game push notifications. As a temporary workaround, disabling the broadcast receiver until a proper authorization schema is implemented could mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.