How to solve Intent Redirection Vulnerability in android apk?

Question

I created my app in Unity, then exported project and then I generated signed apk in Android Studio.

I wanted to upload my app to Google Play store, but it has been rejected because of security vulnerabilities.

The vulnerability is Intent Redirection and I was recommended to follow one of these steps: https://support.google.com/faqs/answer/9267555

My app uses firebase (db and auth) and I suppose that this could cause the vulnerability (but Im not sure, because my Alerts in Play Console are empty). But how can I fix this problem?

I tried to add android:exported=”false” to my Manifest file, but it only contains one activity, which is probably my whole app created in Unity. So when I added android:exported=”false” to this activity, I wasnt able to install my app (I found why Android Manifest's android:exported="false" prevents app from running on device)

My database manager looks like this:

public class DatabaseManager : MonoBehaviour

{

public static DatabaseManager sharedInstance = null;

private void Awake()
{
    if (sharedInstance == null)
    {
        sharedInstance = this;
    }
    else if (sharedInstance != this)
    {
        Destroy(gameObject);
    }

    DontDestroyOnLoad(gameObject);
    FirebaseApp.DefaultInstance.SetEditorDatabaseUrl("https://addresstomydatabase.com/");

}

What should we do if we use react-native? We cannot find which package causes this issue. Thanks! — user2078023, Nov 16 '20 at 09:24

score 0 · Answer 1 · answered Apr 28 '20 at 18:35

0

Ok, so I received an asnwer from google play support and the vulnerability was caused by xiaomi dependecies.

Here is how to solve this problem: Your app contains an Intent Redirection vulnerability

answered Apr 28 '20 at 18:35

dandelion

21
1
3

How to solve Intent Redirection Vulnerability in android apk?

1 Answers1