Just came across this nugget after Googling for 30 seconds.
Essentially, you can mine an app for the intents it signals to the outside world, intercept them, and then re-inject them with your own modified data. Does this seem like a potential app vulnerability to you?
More research must be done, but this smells like something I want to bring up in my Edges of Espresso talk at AnDevCon SF this month.
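An added example, not from the original post: a defender-side audit of your own manifest that lists the components any other app can send intents to, which is the surface the interception and re-injection idea above depends on. The manifest, package and component names are constructed, and the script assumes decoded manifest XML and the pre-Android 12 default where an intent-filter without an explicit `android:exported` implies exported.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (decoded XML, not the binary form inside an APK).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.demo">
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <receiver android:name=".LoginResultReceiver">
      <intent-filter>
        <action android:name="com.example.demo.LOGIN_RESULT"/>
      </intent-filter>
    </receiver>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.demo.permission.SYNC"/>
    <receiver android:name=".InternalReceiver" android:exported="false">
      <intent-filter>
        <action android:name="com.example.demo.INTERNAL"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def injectable_components(manifest_xml):
    """Return (tag, name, actions) for components any other app can send intents to."""
    app = ET.fromstring(manifest_xml).find("application")
    app_permission = app.get(ANDROID + "permission")
    findings = []
    for tag in ("activity", "service", "receiver"):
        for comp in app.iter(tag):
            actions = [a.get(ANDROID + "name") for a in comp.iter("action")]
            exported = comp.get(ANDROID + "exported")
            # No explicit attribute: an intent-filter implies exported (assumed default).
            is_exported = exported == "true" or (exported is None and bool(actions))
            permission = comp.get(ANDROID + "permission") or app_permission
            if is_exported and not permission:
                findings.append((tag, comp.get(ANDROID + "name"), actions))
    return findings


if __name__ == "__main__":
    for tag, name, actions in injectable_components(SAMPLE_MANIFEST):
        print(f"{tag} {name} accepts intents from any app: {actions or 'explicit only'}")
```

Each component it reports should either be marked `android:exported="false"`, be guarded by a permission, or treat every incoming extra as untrusted input.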
Found this old but good article supporting my concerns: Intentional Evil: A Pen Tester’s Overview of Android Intents
Also, I keep re-reading this one on IntentTestRule usage because it’s so how my brain works. http://www.catehuston.com/blog/2016/04/28/testing-intents-on-android-like-stabbing-yourself-in-the-eye-with-a-blunt-implement/
Some really great use cases for Facebook Connect login stubbing here: