About  Project Blog Resources

Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Android Jetpack Navigation: Go Even Deeper- 1471

Artem Kulakov - PTSwarm Posted 1 Year Ago
  • Jetpack Compose is a new way for building UIs in Android, replacing the fragments style. Now, navigation between screens represents composable functions. Hence, the Jetpack Navigation library is used for navigating users between screens as well.
  • A developer can do this using deeplinks in Android. In previous research, it was discovered that somebody can route to arbitrary pages on the application if these are controlled, even if the app doesn't support any.
  • The JackPack navigation library has some implicit deep links. Internally, it will assign deep links to each created route that the dev isn't even aware of. As a result, a malicious application on the device can execute the handler.
  • The recommendation to the users is to simple NOT use this library. An example exploit was bypassing a pin screen on the app but force browsing to a different screen. Good post!

Maxwell DulinEmail me!TwitterGithubAdminBlog RSS FeedResources RSS Feed