Key Information

Vulnerability Description
Vulnerability Type: Android Manifest Misconfiguration leading to Task Hijacking
Affected Application: AfterShip (com.aftership.Aftership)
Impact Scope: All Android versions prior to Android 11

Reproduction Steps
1. The user downloads a malicious application.
2. The user uses the malicious application.
3. The user launches the victim application; however, the activity displayed is not the legitimate app's activity but a phishing activity from the malicious app.
4. The user enters personal information in what appears to be the victim application, resulting in account information leakage or in permissions being granted to the malicious application.

Principle
The attribute is either not set or defaults to the package name. An attacker can create a task stack with the same as the victim application. When the user opens the victim application, the malicious app's task stack is displayed instead, enabling phishing attacks.

Mitigation Measures
In , set the of the application's activities to or to a randomly generated task affinity. Alternatively, set in the activity tag.

Attacker Code Example
Sample code for and demonstrates how to configure a malicious application to perform task hijacking.

Impact
Due to improper configuration in the Android manifest file, attackers can create malicious mobile applications that hijack legitimate apps and steal sensitive information.

Reference Links
Medium Article
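As an added check for the mitigation measures above (example code, not part of the original advisory or the AfterShip app), the following Python script parses an AndroidManifest.xml and reports every activity whose effective task affinity another app could share. It relies on the real android:taskAffinity and android:launchMode attributes; the manifest it runs on is constructed here for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifest (not AfterShip's): one unprotected activity,
# one with a custom shared affinity, and two hardened ones.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.shop">
  <application android:label="Shop">
    <activity android:name="com.example.shop.LoginActivity"/>
    <activity android:name="com.example.shop.ShareActivity"
        android:taskAffinity="com.example.shared"/>
    <activity android:name="com.example.shop.MainActivity"
        android:taskAffinity=""/>
    <activity android:name="com.example.shop.PayActivity"
        android:launchMode="singleInstance"/>
  </application>
</manifest>"""


def _attr(elem, name):
    """Read an android:-namespaced attribute, or None if absent."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def audit_task_affinity(manifest_xml):
    """Return [(activity_name, effective_affinity)] for each activity whose
    task another app's activity could join.

    Protected: launchMode="singleInstance" (always alone in its own task) or
    an effective taskAffinity of "" (no affinity). Otherwise the effective
    affinity is the activity's taskAffinity, else the <application>
    taskAffinity, else the package name, and the activity is reported.
    """
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    app = root.find("application")
    app_affinity = _attr(app, "taskAffinity") if app is not None else None
    findings = []
    for act in root.iter("activity"):
        if _attr(act, "launchMode") == "singleInstance":
            continue
        affinity = _attr(act, "taskAffinity")
        if affinity is None:
            affinity = app_affinity if app_affinity is not None else package
        if affinity == "":
            continue
        findings.append((_attr(act, "name"), affinity))
    return findings
```

Run it against a decoded manifest (for example, the output of apktool) and treat every reported activity as a candidate for an empty or randomized task affinity.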