347 – Insecure service configuration - Task Hijacking
Description
One of the activities in the application manifest is configured with launchMode=singleTask. This configuration is insecure because it opens the possibility that the application is vulnerable to Task Hijacking.
Impact
- Mislead the user with a malicious application that impersonates the application's functionality.
- Install a malicious application on the application user's device.
Recommendation
Configure the launchMode with the singleInstance option.
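A check for this finding over a text-form AndroidManifest.xml, as an added example that is not part of the original page. The sample manifest and the function name find_single_task_activities are constructed for illustration, and the manifest is assumed to be already decoded from the binary form stored in an APK.

```python
import xml.etree.ElementTree as ET

# Namespace that the android: prefix maps to in AndroidManifest.xml.
ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifest (not taken from a real application).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <application>
    <activity android:name=".MainActivity" android:launchMode="singleTask" />
    <activity android:name=".SettingsActivity" android:launchMode="singleInstance" />
    <activity android:name=".AboutActivity" />
  </application>
</manifest>
""".strip()


def find_single_task_activities(manifest_xml: str) -> list[str]:
    """Return the declared names of activities with launchMode=singleTask."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for activity in root.iter("activity"):
        # Attributes are namespaced, so look them up as {namespace}name.
        mode = activity.get(f"{{{ANDROID_NS}}}launchMode")
        if mode == "singleTask":
            findings.append(activity.get(f"{{{ANDROID_NS}}}name", "<unnamed>"))
    return findings


if __name__ == "__main__":
    for name in find_single_task_activities(SAMPLE_MANIFEST):
        print(f"{name}: launchMode=singleTask (finding 347)")
```

Activities that omit launchMode or use another value are not reported, so only the setting this finding describes is flagged.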
Threat
Unauthorized user with access to the application.
Expected Remediation Time
Score 4.0
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
- Attack vector: L
- Attack complexity: H
- Attack Requirements: N
- Privileges required: N
- User interaction: A
- Confidentiality (VC): L
- Integrity (VI): L
- Availability (VA): N
- Confidentiality (SC): N
- Integrity (SI): N
- Availability (SA): N
Threat 4.0
- Exploit maturity: P