com.facebook.CustomTabMainActivity vulnerable to Intent Redirection on GooglePlay

I have just got a rejection of my app update with the message below.

Your app(s) are vulnerable to Intent Redirection.

com.facebook.CustomTabMainActivity->onCreate
 

I am using Facebook login in the app, and it uses the activities defined below. A simple solution could be to set exported="false", but even my build is not working; I get the build error "error MSB6006: "java.exe" exited with code 1." I am using Xamarin. I am not sure if that is related to it, but I guess not.

<activity android:name="com.facebook.CustomTabMainActivity" android:exported="true" />
<activity android:name="com.facebook.CustomTabActivity" android:exported="true">
    <intent-filter>
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />
        <data android:scheme="@string/fb_login_protocol_scheme" />
    </intent-filter>
</activity>

If I understand correctly, exported=false is also not a good solution, as I need data from another app. In this case, if the user has the Facebook app installed and the login details should be delivered from the Facebook app, exported=false makes the activity private and it cannot receive the data. So what could be a possible solution here?



Solution 1:[1]

You have a duplicate, the first line is not necessary.

<activity android:name="com.facebook.CustomTabMainActivity" android:exported="true" />

Only use the rest and the sign in works.

Solution 2:[2]

I have found the problem with a diagnostic build. I have an Android library in the project which also has a Manifest file. Indeed, my Manifest in the Android library project didn't have anything within the application tags, as shown below.

<application />

But somehow the setting gets doubled, once with true and once with false. Not sure why, but in the logs I found a message like "at line xx android:exported="false" and at line yy android:exported="true", use tools:replace". This seems to be caused by the Manifest merger, and simply setting it as below solved the error; now it builds fine and works as well.

    <activity android:name="com.facebook.CustomTabActivity"
        tools:replace="android:exported" android:exported="false">

I hope that it helps in case anyone comes across the same issue.
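A pre-merge check for the two manifest conditions that come up in the answers above: an activity explicitly exported with no intent-filter, and the same activity declared with different android:exported values in separate manifests. This is an added example, not code from the question or the answers; the sample manifests and the `audit` function are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifests (not from a real project): the app manifest
# mirrors the question; the library manifest stands in for a dependency
# that declares the same activity with a different android:exported value.
APP_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application>
    <activity android:name="com.facebook.CustomTabMainActivity" android:exported="true" />
    <activity android:name="com.facebook.CustomTabActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.BROWSABLE" />
      </intent-filter>
    </activity>
  </application>
</manifest>"""

LIB_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application>
    <activity android:name="com.facebook.CustomTabMainActivity" android:exported="false" />
  </application>
</manifest>"""


def audit(manifests):
    """manifests: {label: xml_text}. Returns a sorted list of (activity, finding)."""
    seen = defaultdict(dict)          # activity name -> {label: exported value}
    findings = []
    for label, text in manifests.items():
        for act in ET.fromstring(text).iter("activity"):
            name = act.get(ANDROID + "name")
            exported = act.get(ANDROID + "exported")
            seen[name][label] = exported
            # Explicitly exported with no intent-filter: other apps can
            # start it by explicit component name.
            if exported == "true" and act.find("intent-filter") is None:
                findings.append((name, f"exported without intent-filter in {label}"))
    for name, values in seen.items():
        if len(set(values.values())) > 1:
            findings.append((name, f"conflicting android:exported across manifests: {values}"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit({"app": APP_MANIFEST, "library": LIB_MANIFEST}):
        print(f"{name}: {finding}")
```

Run against the project's own manifest files before the merger step, the conflict finding points at the declarations that would otherwise need `tools:replace`.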

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Michael O
Solution 2 Emil