Elseplus File Recovery App Task Hijacking Vulnerability

A task hijacking vulnerability has been identified in Elseplus File Recovery App version 4.4.21 for Android. This issue arises from an improper export of application components in the AndroidManifest.xml file, allowing malicious apps to inherit permissions from vulnerable ones. The vulnerability affects all Android versions prior to Android 11 and can be exploited locally.

Impact

Exploitation of this vulnerability allows for task hijacking, where a malicious application can take over a legitimate app's task, potentially leading to the theft of sensitive information from the user.

Reproduction

To reproduce this vulnerability, a malicious app must be created and installed on a device. This app should be designed to hijack a task from the Elseplus File Recovery App by setting its taskAffinity to match that of the target app. Once the malicious app is opened, it will take over the task of the file recovery app, allowing it to display a phishing page and collect personal information from the user.

Remediation

Users can mitigate this vulnerability by setting the taskAffinity property of the application's activities to an empty value in the AndroidManifest.xml, forcing the activities to use a randomly generated task affinity. Alternatively, this can be set at the application tag level to apply to all activities.