Rule Definition
For activities and broadcast receivers, intents are the preferred mechanism for asynchronous IPC in Android. Depending on your application requirements, you might use sendBroadcast(), sendOrderedBroadcast(), or an explicit intent to a specific application component. For security purposes, explicit intents are preferred. For services, to ensure that your app is secure, always use an explicit intent when starting a Service and do not declare intent filters for your services. Using an implicit intent to start a service is a security hazard because you can't be certain what service will respond to the intent, and the user can't see which service starts. Beginning with Android 5.0 (API level 21), the system throws an exception if you call bindService() with an implicit intent.
Remediation
Never use an implicit intent to start or bind to a Service.
Verify whether your application actually needs an implicit intent for its activities and broadcast receivers. If it does not, use an explicit intent, which names the target component and cannot be intercepted by another application's intent filter.
Violation Code Sample
Implicit intent (no target component named; any service whose manifest declares a matching intent filter may respond):
Intent serviceIntent = new Intent();
serviceIntent.setAction(Intent.ACTION_SEND); // ACTION_SEND is a constant of android.content.Intent; it is matched against <intent-filter> entries in installed apps' manifests
startService(serviceIntent);
Fixed Code Sample
Using an explicit Intent (MyService is a placeholder for the Service class in your own application):
Intent serviceIntent = new Intent(this, MyService.class); // names the exact component to start
startService(serviceIntent);
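A fuller worked example, added here as illustration (it is not code from the CAST rule or from the Android documentation): it binds to a Service with an explicit Intent, shows the explicit form for a service in another package, and includes the manifest entry that keeps the service unreachable by implicit intents. All class and package names (ExplicitBindingExample, PaymentService, com.example.partner, SyncService) are hypothetical.

```java
import android.app.Service;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.ServiceConnection;
import android.os.IBinder;

// Added example, not part of the CAST rule or the Android SDK. Names are hypothetical.
public class ExplicitBindingExample {

    // Matching AndroidManifest.xml entry (hypothetical name). No <intent-filter> is
    // declared, so the service can only be reached by an explicit Intent, and
    // exported="false" keeps other applications from starting or binding to it at all:
    //
    //   <service android:name=".PaymentService"
    //            android:exported="false" />

    private final ServiceConnection connection = new ServiceConnection() {
        @Override public void onServiceConnected(ComponentName name, IBinder binder) {
            // use the binder returned by PaymentService.onBind()
        }
        @Override public void onServiceDisconnected(ComponentName name) { }
    };

    // Preferred form: the target class is named, so the system resolves exactly one component.
    public boolean bindOwnService(Context context) {
        Intent intent = new Intent(context, PaymentService.class);
        return context.bindService(intent, connection, Context.BIND_AUTO_CREATE);
    }

    // Explicit Intent for a service in another application: name the component directly
    // instead of relying on an action string that any installed app could register a filter for.
    // "com.example.partner" and "SyncService" are constructed placeholder names.
    public boolean bindRemoteService(Context context) {
        Intent intent = new Intent();
        intent.setComponent(new ComponentName("com.example.partner", "com.example.partner.SyncService"));
        return context.bindService(intent, connection, Context.BIND_AUTO_CREATE);
    }

    // Guard for a unit test or a check before calling bindService()/startService().
    // It is stricter than the platform rule: since API level 21 the system throws
    // IllegalArgumentException only when neither a component nor a package is set,
    // while this helper requires the exact component to be named.
    public static boolean isExplicit(Intent intent) {
        return intent.getComponent() != null;
    }

    // Hypothetical service; a real implementation returns a Binder from onBind().
    public static class PaymentService extends Service {
        @Override public IBinder onBind(Intent intent) { return null; }
    }
}
```

Before Android 5.0 an implicit service Intent silently bound to whichever installed service matched the action, so a check like isExplicit() in tests catches the hazard on every API level rather than relying on the runtime exception.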
Reference
https://developer.android.com/guide/components/intents-filters#Types
https://developer.android.com/training/articles/security-tips#use-intents
Related Technologies
Technical Criterion
PCI-DSS4-Requirement-6.2.4 - Software engineering techniques or other methods are defined and in use by software development personnel to prevent or mitigate common software attacks and related vulnerabilities
About CAST Appmarq
CAST Appmarq is by far the biggest repository of data about real IT systems. It's built on thousands of analyzed applications, made of 35 different technologies, by over 300 business organizations across major verticals. It provides IT Leaders with factual key analytics to let them know if their applications are on track.