Android Apk Task Hijacking
Description
Detects task hijacking vulnerabilities in Android applications where activities can be intercepted by malicious apps. This security flaw allows attackers to inject malicious activities into the app's task stack, potentially leading to information theft or phishing attacks.
Detection Strategy
• Analyzes the AndroidManifest.xml file for activity declarations
• Checks if activities are launched in a new task (android:launchMode="singleTask" or "singleInstance")
• Verifies the target SDK version as task hijacking mitigations vary by Android version
• Flags activities that don't implement proper task affinity protections
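The checks listed above, as an added example that is not Fluid Attacks' own implementation, run against a constructed manifest in decoded text form. It assumes that an empty android:taskAffinity (set on the activity or inherited from the application element) counts as the affinity protection, and it only reports targetSdkVersion because the page does not say which versions carry the mitigations; the function and field names are hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
RISKY_LAUNCH_MODES = {"singleTask", "singleInstance"}

# Constructed sample: a manifest already decoded to text XML (not binary AXML).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.demo">
  <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="28"/>
  <application>
    <activity android:name=".LoginActivity" android:launchMode="singleTask"/>
    <activity android:name=".PayActivity" android:launchMode="singleInstance"
              android:taskAffinity=""/>
    <activity android:name=".AboutActivity"/>
  </application>
</manifest>
"""


def _attr(elem, name):
    """Read an android:-namespaced attribute, or None if it is absent."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def find_task_hijacking_candidates(manifest_xml):
    """Return activities using a risky launchMode without an empty taskAffinity."""
    root = ET.fromstring(manifest_xml.strip())
    uses_sdk = root.find("uses-sdk")
    target_sdk = _attr(uses_sdk, "targetSdkVersion") if uses_sdk is not None else None
    app = root.find("application")
    if app is None:
        return []
    app_affinity = _attr(app, "taskAffinity")  # inherited by every activity
    findings = []
    for activity in app.findall("activity"):
        launch_mode = _attr(activity, "launchMode")
        if launch_mode not in RISKY_LAUNCH_MODES:
            continue
        affinity = _attr(activity, "taskAffinity")
        if affinity is None:
            affinity = app_affinity
        if affinity == "":  # assumption: empty affinity is the protection
            continue
        findings.append({"activity": _attr(activity, "name"),
                         "launch_mode": launch_mode,
                         "task_affinity": affinity,  # None = default (package name)
                         "target_sdk": target_sdk})  # reported, not judged
    return findings


if __name__ == "__main__":
    for finding in find_task_hijacking_candidates(SAMPLE_MANIFEST):
        print(finding)
```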