Just saw a post about Blackhat briefing by Jeff Forristal about android vulnerability corresponding to google bug 13678484. I can only find one reference around it i.e. https://android.googlesource.com/platform/libcore/+/android-cts-4.1_r4

Can someone throw more light on it. Looks to me that there might be some issue around certificate chaining and bypass around it.
Shared publiclyView activity