The sub-techniques beta is now live! Read the release blog post for more info.

Android Intent Hijacking

A malicious app can register to receive intents meant for other applications and may then be able to receive sensitive values such as OAuth authorization codes[1].

ID: T1416
Tactic Type: Post-Adversary Device Access
Tactic: Credential Access
Platform: Android
Version: 1.1
Created: 25 October 2017
Last Modified: 03 February 2019

Mitigations

Mitigation Description
Application Vetting

When vetting applications for potential security weaknesses, the vetting process could look for insecure use of intents. Developers should be encouraged to use techniques to ensure that the intent can only be sent to an appropriate destination (e.g., use explicit rather than implicit intents, permission checking, checking of the destination app's signing certificate, or the App Links feature added in Android 6.0). For mobile applications using OAuth, encourage use of best practice.[2][3]

References