android, android-fragments, preferenceactivity

Why does Kit Kat require the use of the isValidFragment?


Ever since KitKat was released, I've noticed a whole bunch of my apps updating with "Fixing a crash in Kit Kat". Recently when I released my own app, I figured out the likely source of that is the new "isValidFragment" requirement for using preference activities. I haven't been able to get anyone, however, to explain why this new class is suddenly needed to validate fragments. Can anyone offer me an explanation of why this is required?


Solution

  • Subclasses should override this method and verify that the given fragment is a valid type to be attached to this activity. The default implementation returns true for apps built for android:targetSdkVersion older than KITKAT. For later versions, it will throw an exception.

    A New Vulnerability in the Android Framework: Fragment Injection
    We have recently disclosed a new vulnerability to the Android Security Team. The vulnerability affected many apps, including Settings (the one that is found on every Android device), Gmail, Google Now, DropBox and Evernote. To be more accurate, any App which extended the PreferenceActivity class using an exported activity was automatically vulnerable. A patch has been provided in Android KitKat. If you wondered why your code is now broken, it is due to the Android KitKat patch which requires applications to override the new method, PreferenceActivity.isValidFragment, which has been added to the Android Framework.

    http://securityintelligence.com/new-vulnerability-android-framework-fragment-injection/
    http://securityintelligence.com/wp-content/uploads/2013/12/android-collapses-into-fragments.pdf
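
An added example, not part of the original answer or the quoted article: a `PreferenceActivity` subclass that overrides `isValidFragment` with an exact-match allowlist rather than simply returning `true`. The package, class names and `R.xml` resources are hypothetical.

```java
package com.example.settings; // hypothetical package

import android.os.Bundle;
import android.preference.PreferenceActivity;
import android.preference.PreferenceFragment;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

public class SettingsActivity extends PreferenceActivity {

    // The only fragments this activity is meant to host.
    private static final Set<String> ALLOWED_FRAGMENTS =
            Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
                    GeneralFragment.class.getName(),
                    AccountFragment.class.getName())));

    // fragmentName is the class name requested by the launching Intent, so it
    // is caller-controlled whenever this activity is exported.
    // Overriding with "return true;" silences the KitKat exception but
    // restores the pre-patch behaviour the quoted article describes.
    @Override
    protected boolean isValidFragment(String fragmentName) {
        // Exact match only: prefix or substring checks would admit other
        // classes whose names merely resemble the allowed ones.
        return fragmentName != null && ALLOWED_FRAGMENTS.contains(fragmentName);
    }

    public static class GeneralFragment extends PreferenceFragment {
        @Override
        public void onCreate(Bundle savedInstanceState) {
            super.onCreate(savedInstanceState);
            addPreferencesFromResource(R.xml.pref_general); // hypothetical resource
        }
    }

    public static class AccountFragment extends PreferenceFragment {
        @Override
        public void onCreate(Bundle savedInstanceState) {
            super.onCreate(savedInstanceState);
            addPreferencesFromResource(R.xml.pref_account); // hypothetical resource
        }
    }
}
```

If the activity does not need to be launched by other apps, setting `android:exported="false"` on it in the manifest removes the external entry point as well.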