Intent Redirection Your app(s) are vulnerable to Intent Redirection.
To address this issue, follow the steps in this Google Help Center article.
com.emp.choice.Activity.LoginActivity$17.onSuccess com.emp.choice.Activity.VerifyOtpActivity$4.onSuccess
To confirm you’ve upgraded correctly, submit the updated version of your app to the Play Console and check back after five hours. We’ll show a warning message if the app hasn’t been updated correctly.
While these vulnerabilities may not affect every app, it’s best to stay up to date on all security patches.
What exaclty the issue is? How can solve this issue?
Intent Redirection is a security vulnerability in Android apps that allows malicious apps to hijack the launch of other apps or activities. This can lead to sensitive data being exposed, unauthorized actions being performed, and ultimately compromise the user's device.
Here are some steps you can take to resolve the Intent Redirection vulnerability in your app:
1. Check the affected app components:
Identify which app components are vulnerable to Intent Redirection. This can be done by reviewing the vulnerability report or using tools like the Android Studio Lint tool. Focus on components marked as exported="true" in your app manifest file.
2. Apply appropriate mitigation strategies:
Make vulnerable components private: If an affected component doesn't need to receive Intents from other apps, you can make it private by setting android:exported="false" in the manifest file. This will prevent other apps from launching it directly. Remove unnecessary flags: Remove unnecessary flags from Intents, especially FLAG_GRANT_READ_URI_PERMISSION and FLAG_GRANT_WRITE_URI_PERMISSION. These flags grant access to app data, which can be exploited by malicious apps. Validate the target: Before launching an Intent, validate the target component to ensure it's the intended app or activity. You can use methods like resolveActivity(getPackageManager()) to verify the package name and class name.
Use explicit Intents: When launching activities within your own app, use explicit Intents instead of implicit Intents. This allows you to specify the exact component to be launched, reducing the risk of redirection. Limit data access: When using Intents with data URIs, be cautious about the permissions granted and the data exposed. Only grant access to the minimum necessary data and use proper access control mechanisms.
Update your app: If available, update your app to the latest version. Developers may have already addressed the vulnerability in newer versions.
Additional resources: