[Interest] Pen-Test detects IntentSpoofing from Qt Android App

ekke ekke at ekkes-corner.org
Tue Mar 3 16:19:47 CET 2020


One of my customers did a penetration test and detected IntentSpoofing 
from Qt Android App:

from the test protocol:
Use of a string value market://details?id=org.kde.necessitas.ministro to 
construct an Intent --> Method 
org.qtproject.qt5.android.bindings.QtActivityLoader$1.onClick(): ...
see details: QTBUG-82546

 From my understanding this onClick() method is only needed if Qt 
Android App is deployed using Ministro.
I'm not using Ministro - is there a way to remove this piece of code if 
not deployed w Ministro ?

ekke



More information about the Interest mailing list