Abusing Intent in NASA’s Android App | Mobile Hacking

In this video I analyze how NASA’s mobile app “Spot the Station” exposes an exported Intent handler used internally by the Notifee notification framework. This is not a vulnerability with real security impact, but it’s a perfect case study to understand how Android handles notification-related Intents, auto-cancel flows, and how abusing them can be used for research, PoCs and mobile hacking education. I’ll show the exact manifest entry, the underlying Java code, and how a custom PoC app can trigger the notification flow programmatically. I hope you found it useful (: 00:00 - Intro 00:02 - APK Extraction 00:42 - Static Code Analysis 02:46 - Instrumentation with FRIDA 03:45 - PoC