Скачать или смотреть Don’t let attackers exploit your app via Intents

Intents are the starting points for every Android application. The platform is very much built on Activities, potentially from different apps interacting with each other to complete some tasks. This open nature can be an avenue for exploitation.

You have to consider Intents what they are: inputs. And inputs must be sanitized. With this mentality, you can protect against many attacks, but some can only be avoided with the right architecture and platform support. Google finally made strides in this area with Android 15’s safer Intents. At the same time, you need to understand the attack surface to defend your apps.

I will describe and demonstrate such issues:
Privilege escalation via Intent redirection
Denial-of-service via malformed Intents
Leaking data via Intent parameter injection
App impersonation via Task hijacking (StrandHogg)

At the end of the talk, you will have an understanding of mitigating and remediating many Intent-based Android vulnerabilities.