Android StrandHogg Task Injection POC
This project demonstrates how StrandHogg task injection works.
How it works
- Change
R.string.target_packagevalue to thetarget packagevalue. - Install the POC and run it.
- Run the
target packageand this POC will hijack the task.
More details
- (2015) https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-ren-chuangang.pdf
- (2017) https://www.slideshare.net/phdays/android-task-hijacking
- (2019) https://twitter.com/ivanmarkovicsec/status/1201592031333761024
- (2019) https://promon.co/security-news/strandhogg/
And for/from developers:
- https://github.com/Ivan-Markovic/Android-Task-Injection
- https://inthecheesefactory.com/blog/understand-android-activity-launchmode/en
- https://developer.android.com/guide/components/activities/tasks-and-back-stack
- https://medium.com/@iammert/android-launchmode-visualized-8843fc833dbe
Video:
On this page
Languages
Kotlin100.0%
Contributors
GNU General Public License v3.0
Created December 27, 2019
Updated February 6, 2026