ADB (Android Debug Bridge) to bypass the lock screen (ForegroundLockActivity) and directly launch the protected main screen (MainActivity). This completely skips the authentication process, allowing unauthorized access to all data and functionality within the app.

1. Vulnerability in Locking Logic (ForegroundLockActivity.java)
ForegroundLockActivity determines the following behavior based on the IS_APP_JUST_LAUNCH_KEY and IS_APP_NEXT_ACTIVITY_KEY values received from the Intent. This means that the activity's behavior can be controlled by external input.

Looking at the authentication logic, the entered password is compared with the stored password to check whether it matches. If authentication succeeds, the activity calls the GlobalApplication.getInstance().onGotoForegroundUnlock() method to change the state of certain variables in the Application context. It then creates an Intent targeting MainActivity.class, calls startActivity(), and terminates itself with finish().
// ForegroundLockActivity.java
// Extras from the incoming Intent directly set the activity's state.
@Override
protected void onNewIntent(Intent intent) {
    super.onNewIntent(intent);
    this.bundle = intent.getExtras();
    try {
        this.mIsAppJustLaunch = intent.getBooleanExtra(IS_APP_JUST_LAUNCH_KEY, true);
        this.mNextActivityName = intent.getStringExtra(IS_APP_NEXT_ACTIVITY_KEY);
    } catch (Exception unused) {
        this.mIsAppJustLaunch = true;
    }
}
// ForegroundLockActivity.java (executed after a successful password check)
GlobalApplication.getInstance().onGotoForegroundUnlock();
Intent intent = new Intent();
intent.setClass(this, MainActivity.class);
startActivity(intent);
finish();
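The root cause is that only ForegroundLockActivity enforces the check, while MainActivity trusts that it was reached through it. The following hardened MainActivity is an added illustration (not code from the app under analysis): it re-verifies the unlock state itself on every foreground transition and ignores caller-supplied extras. It assumes a hypothetical getter GlobalApplication.isForegroundUnlocked() paired with the onGotoForegroundUnlock() setter seen above.

```java
// MainActivity.java (added hardening example; not the app's own code)
import android.content.Intent;
import android.os.Bundle;
import androidx.appcompat.app.AppCompatActivity;

public class MainActivity extends AppCompatActivity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // Do not read routing decisions (such as IS_APP_NEXT_ACTIVITY_KEY) from
        // getIntent().getExtras(): any caller that can reach this activity can set them.
        setContentView(R.layout.activity_main);
    }

    @Override
    protected void onResume() {
        super.onResume();
        // Enforce the gate here, not only in ForegroundLockActivity. A direct launch
        // of this activity bypasses the lock screen entirely, so the protected screen
        // must check the Application-level unlock state itself every time it comes
        // to the foreground (onCreate alone would miss a resumed-from-background case).
        // isForegroundUnlocked() is an assumed getter, not confirmed in the app.
        if (!GlobalApplication.getInstance().isForegroundUnlocked()) {
            Intent lock = new Intent(this, ForegroundLockActivity.class);
            // Start a clean task so the unlocked content is not left on the back stack
            // behind the lock screen; the lock screen decides where to go afterwards.
            lock.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_CLEAR_TASK);
            startActivity(lock);
            finish();
        }
    }
}
```

If MainActivity is not the app's launcher activity, it should additionally be declared with android:exported="false" in AndroidManifest.xml so that no external component can start it at all.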