Android App Pentest (Intent Attack Surface)

By /

Listen to this Post

You Should Know:

1. Sensitive Exported Activity

  • Check for exported activities in the `AndroidManifest.xml` file: 
    adb shell dumpsys package <package_name> | grep "exported=true"
  • Exploit using ADB: 
    adb shell am start -n <package_name>/<activity_name>

2. Intent Redirection

  • Identify intent redirection vulnerabilities by analyzing the app’s intent handling logic.
  • Example of exploiting intent redirection: 
    adb shell am start -a android.intent.action.VIEW -d "https://malicious.com"

3. Implicit Intent Hijacking

  • Use the following command to list all activities that can handle a specific intent: 
    adb shell pm query-intent-activities -a android.intent.action.VIEW -d "https://example.com"
  • Exploit by sending a malicious intent: 
    adb shell am start -a android.intent.action.VIEW -d "https://malicious.com"

4. Misconfiguration Deep Link Handling

  • Test deep link handling by sending a deep link intent: 
    adb shell am start -W -a android.intent.action.VIEW -d "app://deeplink"
  • Check for misconfigurations in the `AndroidManifest.xml` file.

5. Pending Intent

  • Analyze the app’s use of pending intents for potential vulnerabilities.
  • Example of creating a pending intent: 
    PendingIntent pendingIntent = PendingIntent.getActivity(context, 0, intent, PendingIntent.FLAG_IMMUTABLE);

What Undercode Say:

Understanding the intent attack surface is crucial for securing Android applications. By exploiting vulnerabilities such as sensitive exported activities, intent redirection, and implicit intent hijacking, attackers can gain unauthorized access to sensitive data or functionality. Always ensure that activities are not unnecessarily exported, and validate all incoming intents. Regularly test your app’s deep link handling and pending intents to prevent potential security breaches. For further reading, refer to the Android Developer Documentation and OWASP Mobile Security Testing Guide.

Related Commands:

  • List all installed packages: 
    adb shell pm list packages
  • Dump the `AndroidManifest.xml` of an app: 
    apktool d <app_name.apk>
  • Check for exported content providers: 
    adb shell dumpsys package <package_name> | grep "Provider{"

References:

Reported By: Abhirup Konwar – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

Whatsapp
TelegramFeatured Image

Related Posts: