
Android app security test failed! ... Saying, component is not Protected. An intent-filter exists


There is a security issue reported by our client about some of the Activity and BroadcastReceiver components.

The security test result was talking about

(com.****.*****.Activity / BroadcastReceiver) is
not Protected.
An intent-filter exists.

The thing they have in common is that they all contain an intent-filter.

Please suggest what I should do.


Solution

  • You can set android:exported="false" for the activity in your manifest:

    android:exported : This element sets whether the activity can be launched by components of other applications — "true" if it can be, and "false" if not. If "false", the activity can be launched only by components of the same application or applications with the same user ID. If you are using intent filters, you should not set this element "false". If you do so, and an app tries to call the activity, system throws an ActivityNotFoundException. Instead, you should prevent other apps from calling the activity by not setting intent filters for it.

    If you do not have intent filters, the default value for this element is "false". If you set the element "true", the activity is accessible to any app that knows its exact class name, but does not resolve when the system tries to match an implicit intent.

    This attribute is not the only way to limit an activity's exposure to other applications. You can also use a permission to limit the external entities that can invoke the activity (see the permission attribute).

    <activity
            android:name=".activities.YourActivity"
            android:exported="false" />
    

    You can do the same for BroadcastReceiver.
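A manifest audit that reproduces the kind of finding the security test reported, as an added example that is not part of the original answer. The package, class and permission names in the sample manifest are constructed, and the check goes beyond the Activity and BroadcastReceiver case above by also covering services and activity aliases and by treating a component-level or application-level `android:permission` as protection.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver")

# Constructed sample manifest (hypothetical package, class and permission names).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.app">
  <application>
    <activity android:name=".activities.YourActivity" android:exported="false" />
    <activity android:name=".activities.ShareActivity">
      <intent-filter>
        <action android:name="android.intent.action.SEND" />
      </intent-filter>
    </activity>
    <receiver android:name=".receivers.SyncReceiver"
              android:permission="com.example.app.permission.SYNC">
      <intent-filter>
        <action android:name="com.example.app.action.SYNC" />
      </intent-filter>
    </receiver>
    <receiver android:name=".receivers.DebugReceiver" android:exported="true" />
  </application>
</manifest>"""


def audit_manifest(manifest_xml):
    """Return (tag, name, reason) for each component other apps can reach unguarded."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for app in root.findall("application"):
        app_permission = app.get(ANDROID_NS + "permission")
        for comp in (c for c in app if c.tag in COMPONENT_TAGS):
            has_filter = comp.find("intent-filter") is not None
            exported = comp.get(ANDROID_NS + "exported")
            # With no explicit value, the presence of an intent filter decides the
            # default; anything other than an explicit "false" is treated as exposed.
            reachable = (exported != "false") if exported is not None else has_filter
            guarded = comp.get(ANDROID_NS + "permission") or app_permission
            if reachable and not guarded:
                state = "unset" if exported is None else exported
                findings.append((comp.tag, comp.get(ANDROID_NS + "name"), f"exported {state}"))
    return findings


if __name__ == "__main__":
    for tag, name, reason in audit_manifest(SAMPLE_MANIFEST):
        print(f"{tag} {name}: not protected ({reason})")
```

A permission only restricts callers as far as its protection level does, which this check does not evaluate.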