3.4.1 Activities

DROZER

run app.activity.info -a com.x.x.x

run app.activity.start --component com.x.x.x com.x.x.x.ActivityName

Displays exported acclivities and starting them

ADB

adb shell am start -n com.x.x.x/ActivityName

In order to get the activity names - use drozer or also have a look the AndroidManifest.xml

THINGS TO REPORT

• Bypass so called "protected" activities (i.e. creds needed) and access sensitive information

• Accessed "hidden" activities (if Admin-UI or Debug-UI are implemented)