Android Intent Hijacking

A malicious app can register to receive intents meant for other applications and may then be able to receive sensitive values such as OAuth authorization codes[1].

ID: T1416

Tactic Type: Post-Adversary Device Access

Tactic: Credential Access

Platform: Android

Version: 1.1


Application Vetting: When vetting applications for potential security weaknesses, the vetting process could look for insecure use of intents. Developers should be encouraged to use techniques that ensure an intent can only be sent to an appropriate destination (e.g., explicit rather than implicit intents, permission checking, checking of the destination app's signing certificate, or the App Links feature added in Android 6.0). For mobile applications using OAuth, encourage use of best practice.[2][3]
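
One way a vetting pipeline could automate part of this check, as an added example that is not part of the original page: it scans a manifest for browsable intent filters that are not tied to a single app, either because they use a custom URI scheme or because an http/https filter lacks App Links verification (`android:autoVerify`). It assumes the manifest has already been decoded to text XML; the function name and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
BROWSABLE = "android.intent.category.BROWSABLE"
# Constructed sample: decoded AndroidManifest.xml of a hypothetical OAuth client app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.client">
  <application>
    <activity android:name=".OAuthRedirectActivity">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="exampleclient" android:host="oauth"/>
      </intent-filter>
    </activity>
    <activity android:name=".WebLinkActivity">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="https" android:host="login.example.com"/>
      </intent-filter>
    </activity>
    <activity android:name=".VerifiedLinkActivity">
      <intent-filter android:autoVerify="true">
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="https" android:host="app.example.com"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""

def find_hijackable_filters(manifest_xml):
    """Return (activity, scheme, reason) for browsable filters another app could also claim."""
    findings = []
    for comp in ET.fromstring(manifest_xml).iter("activity"):
        name = comp.get(ANDROID + "name")
        for flt in comp.findall("intent-filter"):
            cats = {c.get(ANDROID + "name") for c in flt.findall("category")}
            if BROWSABLE not in cats:
                continue
            # App Links verification applies only to http/https filters.
            verified = flt.get(ANDROID + "autoVerify") == "true"
            for data in flt.findall("data"):
                scheme = data.get(ANDROID + "scheme")
                if scheme in ("http", "https") and not verified:
                    findings.append((name, scheme, "web link without autoVerify"))
                elif scheme and scheme not in ("http", "https"):
                    findings.append((name, scheme, "custom scheme, not bound to one app"))
    return findings
```

Findings from a check like this are review prompts rather than confirmed weaknesses: a flagged filter matters most when the URI it receives carries a sensitive value such as an OAuth authorization code.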