The Android application uses a Broadcast Receiver that receives an Intent but does not properly verify that the Intent came from an authorized source.