Intent redirection are vulnerabilities in Android applications that can be abused by attackers to trigger certain functionality. It depends a lot on how limited the input is. Maybe we are only changing a few parameters that will be displayed on the screen, or maybe we can open any activity of the app, even private ones. In the last case, it would be very bad if this application is running as the user “system”.
Leave a Reply