Search code examples
androidandroid-intentandroid-security

android webview http site intent

android 9.0 pie compileSdkVersion 26 minSdkVersion 15 targetSdkVersion 28

Hi, I'm trying to publish my android app but I've got a problem

android 9.0 doesn't support http so, I change a code like this 

    <application
        android:usesCleartextTraffic="true"
        android:allowBackup="true"

and a published.. but i got this mail

Intent Scheme Hijacking Your app(s) are using a WebView that is vulnerable to Intent scheme hijacking. To confirm you’ve upgraded correctly, submit the updated version of your app to the Play Console and check back after five hours to make sure the warning is gone.

here is my code AndroidManifest.xml

    <application
        android:allowBackup="true"
        android:icon="@drawable/ic_launcher"
        android:label="{value}"
        android:usesCleartextTraffic="true">

            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>

Activity.java

        public boolean shouldOverrideUrlLoading(WebView view, String url) 
        {
            if (url.substring(0, 6).equals("intent"))
            {
                LoadEduManager(url);
            }
            else
            {
                view.loadUrl(url);
            }
            return true;
        }

public void LoadEduManager(String url)
    {
        boolean flag = true;
        try
        {
            PackageManager pm = getApplicationContext().getPackageManager();

            String appPkg = "com.cdn.";
            PackageInfo info = pm.getPackageInfo(appPkg, PackageManager.GET_ACTIVITIES);
        }
        catch (PackageManager.NameNotFoundException e)
        {
            flag = false;
        }

        if (flag)
        {
            try 
            {
                Intent intent = Intent.parseUri(url, Intent.URI_INTENT_SCHEME);
                startActivity(intent);
            }
            catch (URISyntaxException e) 
            {
                e.printStackTrace();
            }
        }
        else
        {
            new AlertDialog.Builder(Activity_Notice.this)
            .setTitle("")
            .setCancelable(false)
            .setMessage("")
            .setPositiveButton("확     인", new DialogInterface.OnClickListener() 
            {               
                @Override
                public void onClick(DialogInterface dialog, int which) 
                {
                    Intent intent = new Intent(Intent.ACTION_VIEW);
                    intent.setData(Uri.parse(""));
                    startActivity(intent);
                }
            })
            .show();
        }
    }

I really don't know how to I solve this problem google's Answer https://support.google.com/faqs/answer/9101196?hl=en

I try this case if i connect the http site then, doesn't show error page but, I get a Jquery error. If i enter using a browser, it comes out normally in This case 

<application usesCleartextTraffic=false networkSecurityConfig="@xml/network_security_config">

network_security_config

<network-security-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">yeosj.com</domain>

    </domain-config>
</network-security-config>
Solution

  • Modify your network_security_config file like this one and check

    <?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
</network-security-config>