An intent filter is an Android manifest rule that tells the system which app components may receive a given intent. It can match an action, data type, URI scheme, host, path, and categories, allowing an app to declare, for example, that it handles a login redirect or a custom link. Android uses these declarations to route messages between apps and within an app itself.
In cyber security, intent filters matter because they help define a trust boundary. If a filter is too broad, a malicious app may be able to intercept sensitive redirects, impersonate a handler, or trigger exported components in ways the developer did not expect. Attackers look for weak matching rules, unprotected deep links, and components that accept authentication-related intents. Defenders reduce risk by narrowing filters, avoiding unnecessary exported handlers, validating incoming data, and binding redirects to the correct package and signature. For mobile identity flows, a precise intent filter is part of making sure tokens and sign-in responses reach only the intended app.