Turn off javascript in android adobe pdf reader?

Report · Jun 28, 2021

Does the android adobe pdf reader app run javascript in pdfs? If so how can I turn it off or force it to ask for permission before running anything?

Report · Jun 28, 2021

The app supports Javascript&colon;

https://www.adobe.com/devnet-docs/acrobatetk/tools/Mobile/androidapi/classes/Doc.html

Report · Jun 30, 2021

Thanks for providing the documentation. Looks like it does support javascript. Do you know how to turn it off? It's a security concern for me.

Report · Jun 30, 2021

You can't turn it off. What security issues does you see?

Report · Jul 01, 2021

I download Pdfs from the internet. I can't really be certain that someone didn't put some malicious JavaScript into the pdf then uploaded it to the internet without looking at the code. On my desktop, I use evince, which doesn't support javascript, so this is not really a concern. I use Adobe on my phone, though, so this is a concern.

Report · Jul 01, 2021

Acrobat Reader on Android doesn't execute malicious JavaScript.

Report · Jul 01, 2021

How would it even tell though? Acrobat only has permissions to use storage and contacts, but it's really the storage access that worries me.

Report · Jul 01, 2021

Where does you see this?

Only following is possible :

https://www.adobe.com/devnet-docs/acrobatetk/tools/Mobile/androidapi/classes/Doc.html

Report · Jul 01, 2021

Interesting, so javascript is only used for getting and setting form fields? I've read about the Pidief exploit, but I'm not sure how the actual exploit works. How would android acrobat protect against something like this?