Task hijacking is a vulnerability that affects Android
applications due to the configuration of Task Control features in
the AndroidManifest.xml file. This flaw can allow an
attacker or a malicious app to take over legitimate apps,
potentially leading to information theft.
Scenario
{{< figure path=task-hijacking.png caption="Based on 'Android Task hijacking' by Evgeny Blashko & Yury Shabalin in 'Positive Hack Days - PHDays VII Hacking conference'" >}}
Security implication (this scenario)
When the back button is pressed on
Bank-Main-Activity, the user is taken to
Mal-Activity 2.
Note:
* There are many other scenarios; here we focus only on this one. For more details on other scenarios, refer to [↗]. Slides [↗].
* The only real remediation is to update to android:minSdkVersion="28".
Requirements:
* android:minSdkVersion is < 30 in AndroidManifest.xml
* android:launchMode="singleTask" in AndroidManifest.xml (necessary for this scenario)

You can use the malware APK by Ivan Sincek.
To hijack a task, modify the task affinity in
AndroidManifest.xml of malware.apk under
MainActivity. Set it to PackageNameVictim
and rebuild the APK.
Example:
<!-- AndroidManifest.xml victim.apk -->
<manifest ... package="com.victim.bank" ...>
<!-- AndroidManifest.xml malware.apk -->
<activity android:name="com.kira.malware.activities.MainActivity" android:exported="true" android:taskAffinity="com.victim.bank" ...>
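To check a decoded manifest for the conditions listed under Requirements, and to spot the foreign taskAffinity pattern from the example, a small audit script helps. This is an added example, not code from the original page or from the malware APK project; the sample manifests, the `BankMainActivity` name, the `com.kira.malware` package value and the `audit_manifest` function are constructed for illustration, and it assumes `minSdkVersion` appears in a `<uses-sdk>` element of the decoded manifest.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifests modelled on the page's example (not real apps).
VICTIM = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.victim.bank">
  <uses-sdk android:minSdkVersion="26"/>
  <application>
    <activity android:name=".BankMainActivity" android:launchMode="singleTask"/>
  </application>
</manifest>"""

MALWARE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.kira.malware">
  <uses-sdk android:minSdkVersion="21"/>
  <application>
    <activity android:name="com.kira.malware.activities.MainActivity"
        android:exported="true" android:taskAffinity="com.victim.bank"/>
  </application>
</manifest>"""

def audit_manifest(xml_text, min_sdk_limit=30):
    """Return findings for the task-hijacking conditions listed on this page."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    findings = []
    uses_sdk = root.find("uses-sdk")
    min_sdk = uses_sdk.get(ANDROID + "minSdkVersion") if uses_sdk is not None else None
    # Missing (Android defaults it to 1) or non-numeric values are flagged too.
    low_sdk = not (min_sdk or "").isdigit() or int(min_sdk) < min_sdk_limit
    for act in root.iter("activity"):
        name = act.get(ANDROID + "name", "?")
        affinity = act.get(ANDROID + "taskAffinity")
        # Victim side: singleTask activity in an app still allowing old SDKs.
        if low_sdk and act.get(ANDROID + "launchMode") == "singleTask":
            findings.append(("exposed-singleTask", name, min_sdk))
        # Heuristic: an affinity outside the app's own package namespace.
        if affinity and affinity != package and not affinity.startswith(package + "."):
            findings.append(("foreign-taskAffinity", name, affinity))
    return findings

if __name__ == "__main__":
    for label, manifest in (("victim", VICTIM), ("malware", MALWARE)):
        for finding in audit_manifest(manifest):
            print(label, finding)
```

The `min_sdk_limit` default of 30 mirrors the `< 30` requirement stated above; the foreign-affinity check is a heuristic and will also flag apps that deliberately use a custom affinity outside their package name.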