Description
Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls.
Problem types
CWE-926 Improper Export of Android Application Components
Product status
6.05.15 (semver)
Credits
Felix Segoviano of KoreLogic, Inc.
References
korelogic.com/...urces/Advisories/KL-001-2026-001.poc.js.txt
seclists.org/fulldisclosure/2026/Jan/12
korelogic.com/Resources/Advisories/KL-001-2026-001.txt