Assigned
Status Update
No update yet.
Comments
rr...@google.com
rr...@google.com
Thanks for the report. I will route this to the appropriate internal team and update this when I hear back from them.
ka...@gmail.com
One more detail, Data Layer event calls from the watch to the phone (running Android 13) do work on if the listener is in an Activity or Fragment.
va...@underdefense.com
Also, I'm seeing this message in the Logcat:
"2022-06-12 18:47:15.156 1841-4562/? W/PackageManager: Intent does not match component's intent filter: Intent { act=com.google.android.gms.wearable.BIND_LISTENER"
"2022-06-12 18:47:15.156 1841-4562/? W/PackageManager: Intent does not match component's intent filter: Intent { act=com.google.android.gms.wearable.BIND_LISTENER"
as...@bt.com
Experiencing the same issues, please see my other report for any useful logs:
https://issuetracker.google.com/issues/235673375
ma...@google.com
ma...@google.com
ma...@google.com
+1, can confirm it doesn't work on Android 13:=
2022-07-15 11:26:15.023 589-5347 PackageManager pid-589 W Intent does not match component's intent filter: Intent { act=com.google.android.gms.wearable.BIND_LISTENER cmp=xxx/xxx.WatchMessageReceiver }
2022-07-15 11:26:15.023 589-5347 PackageManager pid-589 W Access blocked: ComponentInfo{xxx/xxx.WatchMessageReceiver}
2022-07-15 11:26:15.023 589-5347 ActivityManager pid-589 W Unable to start service Intent { act=com.google.android.gms.wearable.BIND_LISTENER cmp=xxx/xxx.WatchMessageReceiver } U=0: not found
Description
What you would like to accomplish:
Confused deputy attacks can happen in GCP when service account impersonation is used.
To establish unique trust that can’t be exploited by a confused deputy attack, client-vendor trust should include a non-public (and at the very least hard-to-guess) component.
The attack would go as follows: Before the attack, ExampleCompany registers with ExampleVendor. To enable ExampleVendor to act in your production environment, you create the service accountexample_vendor@client_prod.iam.gserviceaccount.com , allowing example_vendor_prod@example_vendor_prod.iam.gserviceaccount.com to impersonate it.
An attacker sets up a new profile with the ExampleVendor and inputs example_vendor@client_prod.iam.gserviceaccount.com as the service account that ExampleVendor can impersonate.
The attacker can now log into their profile with the ExampleVendor.
How this might work:
We would suggest a similar solution to the AWS ExternalId solution.(https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html )
The customer registers with ExampleVendor. ExampleVendor asks the customer to grant permissions to impersonate a service account with an external ID condition provided by the vendor. When ExampleVendor uses any of the service account impersonation methods (https://cloud.google.com/iam/docs/reference/credentials/rest/v1/projects.serviceAccounts ), GCP checks that the external ID of the connection request is identical to that set by the customer in its service account.
If applicable, reasons why alternative solutions are not sufficient:
Currently, most third-party vendors use permanent service account keys to access customer environments, creating credential leakage risk. Workarounds are possible. A vendor can do one of the following:
All of these solutions: Are insecure by default (insecure unless the vendor takes active steps) Create workflow inconvenience Rely on vendor and customer behavior to be effective
Other information:
We have consulted withamiteinav@google.com and guyfeldman@google.com on the issue.
They have suggested that we request this feature.