Key Information Vulnerability Description Vulnerability Type: Android Manifest Misconfiguration leading to Task Hijacking Affected Application: Hey Kakao app (com.kakao.i.connect) Impact Scope: All Android versions prior to Android 11 Vulnerability Principle Task Affinity: Most applications do not set or default to the package name for . Attackers can set the same as the target application. Hijack Activity: Attackers create a task stack identical to the target application. When the user launches the target app, the malicious activity is brought to the foreground. Reproduction Steps 1. User downloads the malicious application. 2. User interacts with the malicious application. 3. User launches the target application, but the malicious app’s phishing page is displayed instead. 4. User enters personal information on the phishing page, leading to data leakage or unauthorized permission grants. Mitigation Measures Set the attribute to an empty string or a randomly generated task affinity in . Alternatively, set globally within the tag. Attacker Code Example Video Proof Screenshots from a video demonstrating the successful attack are provided, showing the compromised interface.