Skip to main content
Android Cracks and App Hacks — What Is StrandHogg?

This post is from the Arxan blog and has not been updated since the original publish date.

Last Updated Feb 24, 2020 — Application Security expert

Android Cracks and App Hacks — What Is StrandHogg?

Application Security

StrandHogg is a critical vulnerability within the Android mobile operating system allowing bad actors to obtain login credentials and gain control of security-sensitive apps. The exploit was originally discovered in 2015 but recently renamed “StrandHogg” — old Norse for a Viking tactic of plundering coastal settlements and ransoming imprisoned natives.

This vulnerability is a manifestation of the Android control setting taskAffinity. Summarily, taskAffinity grants apps the right to declare themselves as friends (Affinity) allowing the Android ‘BACK’ button to work in a seamless, user-friendly way. Conversely, the use of the taskAffinity setting introduced a vector through which malware writers have developed data theft attacks, utilizing this vulnerability to access any type of shared/available data.

Users can configure their apps to avoid StrandHogg exploitation by denying all forms of interaction with other applications where Affinity doesn’t exist. A setting in the Android manifest will protect users from a deluge of false friends inherited as a result of malware activity. Further steps to protect include checks that ensure malware hasn’t changed this setting.

Arxan testing found that 80% of apps don’t use the taskAffinity setting, and that only 10% of those apps take the simple step that would block StrandHogg. Vulnerabilities in the Android operating system will continue to be uncovered and rediscovered. Arxan's code protection tools can render such attacks impossible. Arxan's Android app code-level security features protect apps against code-level exploitation, automatically triggering on suspicious activity, and alert on attacks — all in real-time.

 

More from the Blog

View more
Jun 05, 2020

In Plain Sight II: On the Trail of Magecart

Application Security
On the surface, the breaches that impacted British Airways, Ticketmast ...
Read More
Jun 02, 2020

Here Comes CCPA

Application Security
  Ready Or Not, Here It Comes! As of publication, there are 147 ...
Read More
May 27, 2020

Application Security: Testing is NOT Enough

Application Security
In the software development world, developers are faced with a break ...
Read More
Apr 16, 2020

The Next Step in the Arxan Journey

Application Security
  As many of you may have seen, we just announced that we have been ...
Read More
Contact Us