Learning Android Development
The Risk of Android StrandHogg Security Issue and How it can be Mitigated
It might be a low-probability but high-impact risk. Let’s tackle it.
7 min read · Jun 29, 2021
Lately, an Android security issue reported by Promon in 2019, and recently shared again by the article below, came to my attention.
Note: This article focuses on StrandHogg (1.0) and not StrandHogg (2.0), as Google has addressed that more widely in CVE-2020-0096.
The possible attack, explained simply
- The user has to (accidentally) install another app (which I call the attacker app).
- The attacker app needs to be launched (accidentally) before the app it targets (e.g. our app) is launched.
- When the targeted app is launched, it accidentally launches the attacker app (instead of our app).
- The user might mistake it for our app (assuming the attacker app is designed to look similar to our app)…