Security News > 2020 > June > Researcher Demonstrates Android App Hacking via Intents
A security researcher was able to compromise an Android application by invoking each of its exposed Activity components.
Activities, one of the three primary components of Android apps, are called using Intents, which are messaging objects that applications use to communicate with their different components.
With every Android application having an AndroidManifest.
While auditing an internal messaging application designed specifically for communication within a company, the security researcher noticed a series of exported Activities being used.
"By using information contained in the AndroidManifest.xml via an adb shell anyone can explore an Android app for unintended behavior. While the Authentication Bypass here is an extreme example of the type of insecurities that can be found, this technique has been used to find and exploit Android app vulnerabilities for years," Mendoza points out.