Key Information Vulnerability Description Vulnerability Type: Task Hijacking caused by Android Manifest Misconfiguration Affected Application: Scooper News (com.hatsune.eaglelee) Impact Scope: All Android versions prior to Android 11 Reproduction Steps 1. User downloads a malicious app. 2. User uses the malicious app. 3. User launches the victim app; however, the displayed activity is not the legitimate app’s activity, but a phishing activity from the malicious app. 4. User mistakenly believes they are using the victim app and enters personal information or grants permissions. Principle Exploits the fact that is either unset or defaults to the package name. Attackers can set the same value in their malicious activity as the victim app. When the malicious activity is launched, it creates a task stack identical to the victim app’s and places itself at the root of the task stack. When the user launches the victim app, the malicious activity in the task stack is brought to the foreground, enabling task hijacking. Mitigation Measures In , set the attribute of the app’s activities to , forcing activities to use randomly generated task affinities, or set it within the tag to enforce this for all activities in the app. Attacker Code Example Android Manifest: Main Activity: Impact Due to misconfiguration in the Android manifest file, task hijacking attacks can be executed, leading to theft of sensitive information. References Medium Article