Intercepting Espresso Intents, a Security Concern?
Just came across this nugget after Googling for 30 seconds.
https://github.com/intrications/intent-intercept
Essentially, you can mine an app for the intents it signals to the outside world, then intercept, then re-inject them with your own modified data. Does this seem like a potential app vulnerability to you?
More research must be done, but this smells like something I want to bring up in my Edges of Espresso talk at AnDevCon SF this month.
Update 2016-11-11
Found this, old, but good article supporting my concerns. Intentional Evil: A Pen Tester's Overview of Android Intents</p>
</a>Also, I keep re-reading this one on IntentTestRule usage because it's so how my brain works. http://www.catehuston.com/blog/2016/04/28/testing-intents-on-android-like-stabbing-yourself-in-the-eye-with-a-blunt-implement/ Some really great use cases for Facebook Connect login stubbing here:
https://medium.com/@_rpiel/how-to-test-facebook-connect-with-espresso-8a1af3e38d50