Attacking application components
We have had a brief introduction about Android application components in Chapter 3, Fundamental Building Blocks of Android Apps. This section of this chapter explains various attacks that are possible against Android application components. It is recommended to read Chapter 3, Fundamental Building Blocks of Android Apps to better understand these concepts.
Attacks on activities
Exported activities is one of the common issues with Android application components that we usually come across during penetration tests. An activity that is exported can be invoked by any application sitting on the same device. Imagine a situation where an application has had sensitive activity exported and the user has also installed a malicious app that invokes this activity whenever he connects his charger. This is what is possible when apps have unprotected activities with sensitive functionality.
What does exported behavior mean to an activity?
The following is the description of...