Skip to content

Android task hijacking with taskAffinity, Automatically add android:taskAffinity in a new project  #63559

New issue
New issue
Closed
Closed
Android task hijacking with taskAffinity, Automatically add android:taskAffinity in a new project #63559
Assignees
Hixie
Labels
P2Important issues not at the top of the work lista: platform-viewsEmbedding Android/iOS views in Flutter appsplatform-androidAndroid applications specificallyteam-androidOwned by Android platform team
@Wouter12

Description

@Wouter12
Wouter12
opened on Aug 12, 2020

Use case

I discovered that Android task hijacking is allowed in a flutter application, any malicious app can put itself on the stack of the flutter application by adding taskAffinity="com.example.myFlutterApp" in the AndroidManifest.xml of the <activity> tag of the MainActivity

Steps to Reproduce

  1. create a new blank android project, in AndroidManifest.xml add
    android:excludeFromRecents="true" android:launchMode="singleTask" android:taskAffinity="{com.example.myFlutterApp}" in the <activity> tag from the MainActivity.
  2. open the com.example.myflutterapp application.
  3. run the android app
  4. close it and open the flutter application again

Expected results:

The flutter application

Actual results:

the android application

Proposal

Automatically add android:taskAffinity="" to the <application> tag in the AndroidManifest.xml of the flutter app

Metadata

Metadata

Assignees

Labels

P2Important issues not at the top of the work lista: platform-viewsEmbedding Android/iOS views in Flutter appsplatform-androidAndroid applications specificallyteam-androidOwned by Android platform team

Type

No type

Projects

Tools - Android review

Status

Engineer reviewed

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions