
Just came across this nugget after Googling for 30 seconds.


Essentially, you can mine an app for the intents it signals to the outside world, intercept them, and then re-inject them with your own modified data. Does this seem like a potential app vulnerability to you?

More research must be done, but this smells like something I want to bring up in my Edges of Espresso talk at AnDevCon SF this month.

Update 2016-11-11

Found this old but good article supporting my concerns: Intentional Evil: A Pen Tester's Overview of Android Intents

Also, I keep re-reading this one on IntentTestRule usage because it's so how my brain works. http://www.catehuston.com/blog/2016/04/28/testing-intents-on-android-like-stabbing-yourself-in-the-eye-with-a-blunt-implement/

Some really great use cases for Facebook Connect login stubbing here: