Security Research Center
Android task hijacking
Android task hijacking allows a malicious mobile app to inherit the identity of a victim app to execute phishing attacks on users. A fake activity is displayed instead of the real one, which allows the attacking malware to gain access to the users' data.
Task hijacking attacks are similar to UI injections because they also rely on malicious activities that imitate the real application's activities. The difference is that in task hijacking the malicious activity is displayed not on top of the original activity, but instead of it. The malicious activity is added to the original task, which makes it very hard for an unsuspecting user to detect.
Examples of task hijacking attacks are:
- Task affinity vulnerability, aka the StrandHogg attack. Applies to API level < 30 (Android < 11).
- Context.startActivities() hijack, aka the StrandHogg 2.0 attack. Applies to API level < 29 (Android < 10).
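A defender-side check for the two attacks listed above, as an added example that is not part of the original page: it reads a merged AndroidManifest.xml in text form, compares minSdkVersion with the API levels stated above, and lists the activities whose task affinity is non-empty. The sample manifest and the `audit` function are constructed for illustration, and treating an empty android:taskAffinity as the hardened setting is an assumption based on common guidance, not something this page states.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Thresholds as stated on the page: attack name -> first API level not affected.
FIXED_IN = {"StrandHogg (task affinity)": 30,
            "StrandHogg 2.0 (Context.startActivities())": 29}

# Constructed sample manifest (text form), not taken from a real app.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bank">
  <uses-sdk android:minSdkVersion="26" android:targetSdkVersion="33"/>
  <application>
    <activity android:name=".LoginActivity" android:exported="true"/>
    <activity android:name=".PinActivity" android:taskAffinity=""/>
    <activity android:name=".HelpActivity" android:taskAffinity="com.example.help"/>
  </application>
</manifest>"""


def audit(manifest_xml):
    """Return the lowest supported API level, the listed attacks it is
    exposed to, and the activities that keep a non-empty task affinity."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    sdk = root.find("uses-sdk")
    # A missing minSdkVersion defaults to 1, i.e. every Android release.
    min_sdk = int(sdk.get(ANDROID + "minSdkVersion", "1")) if sdk is not None else 1
    exposed = sorted(n for n, fixed in FIXED_IN.items() if min_sdk < fixed)

    app = root.find("application")
    app_affinity = app.get(ANDROID + "taskAffinity") if app is not None else None
    # Activities inherit the application's affinity, which defaults to the package.
    default_affinity = package if app_affinity is None else app_affinity
    joinable = []
    for act in (app.findall("activity") if app is not None else []):
        affinity = act.get(ANDROID + "taskAffinity", default_affinity)
        if affinity != "":  # assumption: empty affinity is the hardened setting
            joinable.append((act.get(ANDROID + "name"), affinity))
    # Affinity findings only matter if a supported release is still affected.
    if min_sdk >= FIXED_IN["StrandHogg (task affinity)"]:
        joinable = []
    return {"min_sdk": min_sdk, "exposed_to": exposed, "joinable": joinable}


if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, value)
```

Raising minSdkVersion removes the exposure for every supported device; where that is not possible, the `joinable` list shows which activities still need attention.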
Android task hijacking defense techniques
Guardsquare