Skip to main content



Android task hijacking using moveTaskToBack() and excludeFromRecents

What is task hijacking in Android? Task hijacking and it's impact in Android was first presented in 2015 at USENIX . It refers to an attack wherein a malicious app takes over the "back stack" of the vulnerable app, and thereafter whenever the user tries to open the vulnerable app, he will instead by greeted by the activity of the malicious app. What are tasks and back stacks? Android developer's documentation states - "A task is a collection of activities that users interact with when performing a certain job. The activities are arranged in a stack—called the back stack —in the order in which each activity is opened. So when a user runs an application, and goes from activity 1 to activity 2, and finally to activity 3 - when the user presses the Back button, the current activity is popped from the top of the stack (the activity 3 is destroyed) and the previous activity (activity 2) resumes (the previous state of its UI is restored). Activities in the stack are ne

Latest Posts

Range Request DoS: An uncontrolled memory consumption vector in Go's net/http

[SSTI] Exploiting Go's template engine to get XSS

Introducing Slacker: Monitoring subdomain additions in real time and automating directory scanning

Escalating subdomain takeovers to steal cookies by abusing document.domain

Got my OSCP cert!

Unauthorised file upload in site

Web cache deception in Valve

Private video info disclosure through API in Vimeo!

XSS in Paypal acquisition!