This allows triggering injection and redirection attacks resulting in leaking private data stored by the app.
Intents are used by internal components to communicate with each other as well as to access exported components of other applications. Our focus was on security issues involving intents - objects used for launching an operation that is to be performed by a component of the app. To do so, we leveraged Snyk Code to analyze and search for vulnerabilities in applications uploaded to the Google Play store.
After discovering and then publishing our findings on SourMint - the malicious iOS ad SDK - the Snyk Security Team decided to dig deeper in the Android ecosystem. Our phones know a lot about us, so it’s important we can trust them.
0 kommentar(er)
