Exploring intent-based Android security vulnerabilities on Google Play

Researchers from Snyk Security Team have discovered intent-based Android security vulnerabilities within applications uploaded to Google Play store. These vulnerabilities involve intents, objects used for launching operations by components of an app. Intents are utilized for internal and external communication between apps, which can lead to injection and redirection attacks resulting in leaking private data stored by the app. The team analyzed top applications across 50 categories on Google Play store and found vulnerabilities in various popular apps including a shopping app, a social network app, and more. These intent-based security issues are similar to SQL injections or cross-site scripting (XSS) attacks in web applications.