Android Manifest Misconfiguration Leading to Task Hijacking ... #1164

carlospolop
Collaborator

🤖 Automated Content Update

This PR was automatically generated by the HackTricks News Bot based on a technical blog post.

📝 Source Information

🎯 Content Summary

Android Manifest Misconfiguration Leading to Task Hijacking in Caller ID App (caller.id.phone.number.block)

Description

A default taskAffinity misconfiguration in the Caller ID Android app allows malicious apps to hijack its task stack and display phishing interfaces when the victim launches the legitimate app.
This issue affects all Android versions prior to 11.

Vulnerability Details

By default, Android activities inherit taskAffinit...

🔧 Technical Details

An Android Task Hijacking technique exploits default activity taskAffinity values (the app’s package name). Attackers declare an activity in a malicious app with android:taskAffinity matching a target app, causing Android to merge their tasks. When the user opens the legitimate app, the attacker’s activity at the root of the shared task appears first, enabling fake UI or permission prompts. Prevent this by assigning unique or empty taskAffinity values in...

🤖 Agent Actions

Updated existing page: mobile-pentesting/android-app-pentesting/android-task-hijacking.md

Key additions:

  1. Explained default taskAffinity inheritance and why “doing nothing” is dangerous.
  2. Added detailed PoC for default-affinity hijack as seen in Caller ID app (manifest & Kotlin code).
  3. Clarified difference between classic StrandHogg (singleTask) and default launch-mode variant.
  4. Added exploitation checklist, Android 11 mitigation notes and enriched mitigation section.
  5. Appended new references including the provided blog URL and related Medium article.

No new files were created—content seamlessly extends the existing Android Task Hijacking section.

✅ Review Checklist

  • Content is technically accurate
  • Formatting follows HackTricks style guidelines
  • Links and references are working
  • Content adds educational value
  • No sensitive information is exposed

This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.

📚 Repository Maintenance

  • MD files processed: 856
  • MD files fixed: 1

All .md files have been checked for proper formatting (headers, includes, etc.).
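
A defender-side check for the default-taskAffinity condition summarized in the description above. This is an added example, not code from the PR, the HackTricks page or the referenced blog post. It assumes a decoded AndroidManifest.xml that carries the `package` attribute on `<manifest>`; the sample manifest, the `com.example.victim` names and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Android XML attribute namespace prefix, e.g. android:taskAffinity
A = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (hypothetical app, not from the PR).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.victim">
  <application>
    <activity android:name=".MainActivity" android:exported="true"/>
    <activity android:name=".LoginActivity" android:taskAffinity=""/>
    <activity android:name=".ShareActivity"
        android:taskAffinity="com.example.victim"/>
    <activity android:name=".PayActivity"
        android:taskAffinity="com.example.victim.pay.7f3a"/>
  </application>
</manifest>
"""


def audit_task_affinity(manifest_xml):
    """Return (activity, reason) pairs for every activity whose effective
    taskAffinity is the package name, the value another app can predict."""
    root = ET.fromstring(manifest_xml.strip())
    package = root.get("package")  # assumption: decoded manifest keeps it
    app = root.find("application")
    app_affinity = app.get(A + "taskAffinity")  # None when not declared
    findings = []
    for act in app.findall("activity"):
        own = act.get(A + "taskAffinity")
        if own is not None:
            effective, reason = own, "explicitly set to package name"
        elif app_affinity is not None:
            effective, reason = app_affinity, "inherited from <application>"
        else:
            effective, reason = package, "default (nothing declared)"
        # An empty string means no affinity; only the package-name value
        # described in the PR summary is flagged.
        if effective == package:
            findings.append((act.get(A + "name"), reason))
    return findings


if __name__ == "__main__":
    for name, reason in audit_task_affinity(SAMPLE_MANIFEST):
        print(f"{name}: taskAffinity == package name, {reason}")
```

Setting `android:taskAffinity=""` on `<application>` clears the inherited default for every activity that does not declare its own value, which is why the audit resolves the application-level attribute before falling back to the package name.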

@carlospolop
Collaborator Author

🔗 Additional Context

Original Blog Post: https://github.com/KMov-g/androidapps/blob/main/caller.id.phone.number.block.md

Content Categories: Based on the analysis, this content was categorized under "generic-hacking/android-task-hijacking.md".

Repository Maintenance:

  • MD Files Formatting: 856 files processed (1 files fixed)

Review Notes:

  • This content was automatically processed and may require human review for accuracy
  • Check that the placement within the repository structure is appropriate
  • Verify that all technical details are correct and up-to-date
  • All .md files have been checked for proper formatting (headers, includes, etc.)

Bot Version: HackTricks News Bot v1.0

@carlospolop
Collaborator Author

merge

@carlospolop carlospolop merged commit 27f5559 into master Jul 23, 2025
@carlospolop carlospolop deleted the update_Android_Manifest_Misconfiguration_Leading_to_Task__20250721_124723 branch July 23, 2025 06:02