StrandHogg attack recents

App under attack

• android:launchMode="singleTask"

Attacker app

• android:launchMode="singleTask"
• android:taskAffinity="com.example.appunderattack"
• android:excludeFromRecents="true"
• moveTaskToBack(true)

Reproduction case

1. Device running Android 10 or lower
2. Open App under attack via icon
3. Press Android home button
4. Open Attacker app (nothing shown)
5. Open task switcher and select App under attack from recents
6. Attacker app displays activity on top

GitHub

View Github