
Just came across this nugget after Googling for 30 seconds.

https://github.com/intrications/intent-intercept

Essentially, you can mine an app for the intents it signals to the outside world, then intercept, then re-inject them with your own modified data. Does this seem like a potential app vulnerability to you?

More research must be done, but this smells like something I want to bring up in my Edges of Espresso talk at AnDevCon SF this month.
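A defender's view of the same surface, as an added example (not from the original post or the intent-intercept project): a Python script that lists which components in a decoded AndroidManifest.xml other apps can send intents to, and whether a permission guards them. The manifest, package and class names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver")

# Constructed sample manifest (hypothetical package and class names).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.demo">
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".ShareActivity">
      <intent-filter>
        <action android:name="android.intent.action.SEND"/>
      </intent-filter>
    </activity>
    <service android:name=".SyncService" android:exported="true"
        android:permission="com.example.demo.permission.SYNC"/>
    <receiver android:name=".InternalReceiver" android:exported="false">
      <intent-filter>
        <action android:name="com.example.demo.REFRESH"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def exposed_components(manifest_xml):
    """Return (tag, name, actions, permission) for components other apps can reach."""
    findings = []
    app = ET.fromstring(manifest_xml).find("application")
    for comp in (c for c in app if c.tag in COMPONENT_TAGS):
        actions = [a.get(ANDROID_NS + "name")
                   for a in comp.findall("intent-filter/action")]
        exported = comp.get(ANDROID_NS + "exported")
        # Before targetSdk 31, an intent-filter implies exported="true".
        has_filter = comp.find("intent-filter") is not None
        if exported == "true" or (exported is None and has_filter):
            findings.append((comp.tag, comp.get(ANDROID_NS + "name"), actions,
                             comp.get(ANDROID_NS + "permission")))
    return findings

if __name__ == "__main__":
    for tag, name, actions, perm in exposed_components(SAMPLE_MANIFEST):
        guard = f"guarded by {perm}" if perm else "NO permission guard"
        print(f"{tag} {name}: actions={actions or '-'} ({guard})")
```

Any component reported without a permission guard should treat the action, data and extras of every incoming Intent as untrusted input.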

Update 2016-11-11

Found this old but good article supporting my concerns: Intentional Evil: A Pen Tester's Overview of Android Intents

Also, I keep re-reading this one on IntentTestRule usage because it's so how my brain works. http://www.catehuston.com/blog/2016/04/28/testing-intents-on-android-like-stabbing-yourself-in-the-eye-with-a-blunt-implement/

Some really great use cases for Facebook Connect login stubbing here:
https://medium.com/@_rpiel/how-to-test-facebook-connect-with-espresso-8a1af3e38d50

 
