Learning Android Development

The Risk of Android StrandHogg Security Issue and How it can be Mitigated

It might be low possibility but high impact risk. Let’s tackle it

Photo by Jefferson Santos on Unsplash

Lately, it came to my attention of an Android security issue reported by Promon in 2019, and again shared by the article below recently.

A deep dive into Task Hijacking in Android

Note: This article is focus on StrandHogg (1.0) and not StrandHogg (2.0), as Google has addressed that more widely in CVE-2020–0096

The possible attack in simple explanation

1. The user has to (accidentally) install another app (I call the attacker app).
2. The attacker App will need to be launched (accidentally) before it’s targeted attack app (e.g. our App) is launched
3. When the targeted attacked app launch, it will accidentally launch the attacker app (instead of our App).
4. User might mistaken that is our App (assuming the attacker app design to be similar to our App)…