This Docker image automates the generation of a Proof-of-Concept (PoC) Android application to demonstrate Task Affinity vulnerabilities (StrandHogg, Task Hijacking). It allows for rapid customization of the taskAffinity attribute and application branding via Docker.
The generated APK will be available in your local ./output directory after the build completes.
Set the targetapp environment variable to the package name of the app you wish to target.
docker run --rm \
-v $(pwd)/output:/data/output \
-e targetapp="com.example.victimapp" \
ghcr.io/handshake-hk/android-task-affinity-pocTo make the PoC look more convincing, you can mount a custom .png from your host to the container.
docker run --rm \
-v $(pwd)/output:/data/output \
-v $(pwd)/my_custom_logo.png:/data/logo.png \
-e targetapp="com.example.victimapp" \
ghcr.io/handshake-hk/android-task-affinity-pocThis tool is for educational and authorized security testing purposes only. Unauthorized use against systems without prior consent is illegal.