Exploring intent-based Android security vulnerabilities on Google Play
Researchers from Snyk Security Team have discovered intent-based Android security vulnerabilities within applications uploaded to Google Play store. These vulnerabilities involve intents, objects used for launching operations by components of an app. Intents are utilized for internal and external communication between apps, which can lead to injection and redirection attacks resulting in leaking private data stored by the app. The team analyzed top applications across 50 categories on Google Play store and found vulnerabilities in various popular apps including a shopping app, a social network app, and more. These intent-based security issues are similar to SQL injections or cross-site scripting (XSS) attacks in web applications.
Company
Snyk
Date published
May 18, 2021
Author(s)
Raul Onitza-Klugman
Word count
1495
Language
English
Hacker News points
None found.