Ivan Marković
Security consultant and researcher
Long experience in designing and implementation of security solutions, mainly oriented on web, mobile and embedded applications. Author of penetration testing tools, recognized by OWASP organization and BackTrack Linux distribution. Researching work includes discovery of vulnerabilities of numeral applications and services, and for these, author received public apreciations by Microsoft Company..
Task Hijacking in Android POC/Exploit (somebody call it also StrandHogg vulnerability)
Download code: https://github.com/Ivan-Markovic/Android-Task-Injection
More details:
(2015) https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-ren-chuangang.pdf
(2017) https://www.slideshare.net/phdays/android-task-hijacking
(2019) https://twitter.com/ivanmarkovicsec/status/1201592031333761024
(2019) https://promon.co/security-news/strandhogg/
And for/from developers:
https://inthecheesefactory.com/blog/understand-android-activity-launchmode/en
https://developer.android.com/guide/components/activities/tasks-and-back-stack
https://medium.com/@iammert/android-launchmode-visualized-8843fc833dbe
Video:
https://www.youtube.com/watch?v=IYGwXFIYdS8
https://www.youtube.com/watch?v=HPfT9miU_rY
https://www.youtube.com/watch?v=yI0Xh5Oc0x4