DDoS Attacks and Repair Solutions #16
Open
Hello, author. I've discovered a service in the project:
This service is set to be exported and has no permission settings.
I launched a DDoS attack on it, which caused the app to experience denial of service and crash (the attack implementation is recorded in https://meeting.tencent.com/crm/Kmdjqw8w41).
Based on this, I've come up with corresponding solutions and code. You can directly replace the original AndroidManifest.xml file to achieve the fix (the fix implementation is recorded in https://meeting.tencent.com/crm/KPGJo7Lrf7).
—————————————————————————————————————————————
the new AndroidManifest.xml file is:
—————————————————————————————————————————————
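<!-- Root element restored so the file parses; keep the project's existing package attribute on it. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android">

    <!-- Declare the custom permission. Without a declaration at signature level,
         another app could define the same name itself and be granted it. -->
    <permission
        android:name="com.example.coolweather.permission.START_AUTO_UPDATE_SERVICE"
        android:protectionLevel="signature" />

    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="com.example.coolweather.permission.START_AUTO_UPDATE_SERVICE" />

    <application
        android:name=".MyApplication"
        android:allowBackup="true"
        android:icon="@mipmap/weatherlogo"
        android:label="@string/app_name"
        android:networkSecurityConfig="@xml/network_security_config"
        android:roundIcon="@mipmap/ic_launcher_round"
        android:supportsRtl="true"
        android:theme="@style/AppTheme">

        <!-- Still exported, but callers must now hold the permission declared above. -->
        <service
            android:name=".service.AutoUpdateService"
            android:enabled="true"
            android:exported="true"
            android:permission="com.example.coolweather.permission.START_AUTO_UPDATE_SERVICE">
        </service>

        <activity
            android:name=".ui.login.LoginActivity"
            android:label="@string/title_activity_login" />
        <activity android:name=".WeatherActivity" />
        <activity android:name=".MainActivity">
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>
    </application>
</manifest>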
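An added example, not part of the issue or the project's code: a manifest check that flags exported components any installed app can reach, run over three constructed manifests modelled on the service named above. The `audit` and `is_launcher` helpers and the sample manifests are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
PERM = "com.example.coolweather.permission.START_AUTO_UPDATE_SERVICE"  # name used in the issue

def _manifest(service_attrs="", extra=""):
    # Constructed sample manifest modelled on the service named in the issue.
    return f"""<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  {extra}
  <application>
    <service android:name=".service.AutoUpdateService" android:exported="true" {service_attrs}/>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN" />
        <category android:name="android.intent.category.LAUNCHER" />
      </intent-filter>
    </activity>
  </application>
</manifest>"""

UNPROTECTED = _manifest()                                  # exported, no permission
UNDECLARED = _manifest(f'android:permission="{PERM}"')     # permission referenced only
SIGNATURE = _manifest(f'android:permission="{PERM}"',      # declared at signature level
                      f'<permission android:name="{PERM}" android:protectionLevel="signature" />')

def is_launcher(comp):
    # The launcher entry point has to stay exported, so it is not reported.
    cats = [c.get(A + "name") for c in comp.iter("category")]
    return "android.intent.category.LAUNCHER" in cats

def audit(manifest_xml):
    """Return (component, finding) pairs for exported components any app can reach."""
    root = ET.fromstring(manifest_xml)
    levels = {p.get(A + "name"): p.get(A + "protectionLevel", "normal")
              for p in root.iter("permission")}
    findings = []
    for comp in root.iter():
        if comp.tag not in ("activity", "service", "receiver") or is_launcher(comp):
            continue
        exported = comp.get(A + "exported")
        if exported is None:  # pre-Android 12 default: an intent filter implies exported
            exported = "true" if comp.find("intent-filter") is not None else "false"
        if exported != "true":
            continue
        perm, name = comp.get(A + "permission"), comp.get(A + "name")
        if perm is None:
            findings.append((name, "exported with no permission"))
        elif perm.startswith("android.permission."):
            continue  # platform-defined permission, not checked here
        elif perm not in levels:
            findings.append((name, "permission is not declared in this manifest"))
        elif not levels[perm].startswith("signature"):
            findings.append((name, "permission is not signature-level"))
    return findings
```

The check reads only component-level `android:permission`; an application-level permission and content providers are outside what it covers.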