cordova-android has modifiable secondary configuration values. If an application is created without explicit values set in the config.xml
file, attackers can set these variables by using Intent
. Leveraging this, they can change the behavior of the application.