Intent Redirection Vulnerability Notification From Google Play
I built a one-tap consent OTP-verification for my android app as per: https://developers.google.com/identity/sms-retriever/user-consent/request
The only difference in my code is that I changed
override fun onCreate(savedInstanceState: Bundle?) {
// ...
val intentFilter = IntentFilter(SmsRetriever.SMS_RETRIEVED_ACTION)
registerReceiver(smsVerificationReceiver, SmsRetriever.SEND_PERMISSION, intentFilter)
}
in the article, to:
// ...
val intenetFilter = IntentFilter(SmsRetriever.SMS_RETRIEVED_ACTION)
registerReceiver(smsBroadcastReceiver, intenetFilter)
I removed the SmsRetriever.SEND_PERMISSION because I get a type mismatch error as shown in the image: 
This may be because Google states here that This permission setting is available in Google Play services version 19.8.31 or higher. However, I am using
implementation 'com.google.android.gms:play-services-auth:19.2.0'
implementation 'com.google.android.gms:play-services-auth-api-phone:17.5.1'
in my build gradle. I don't think there is a 19.8.31 version of play-services-auth available for download yet.
So then I tried another way by adding the following permission for my broadcast receiver in my android manifest:
<receiver
android:name=".ui.otpVerification.SmsBroadcastReceiver"
android:exported="true"
android:permission="com.google.android.gms.auth.api.phone.permission.SEND">
<intent-filter>
<action android:name="com.google.android.gms.auth.api.phone.SMS_RETRIEVED" />
</intent-filter>
</receiver>
And I thought this would solve the intent vulnerability issue because I am setting SEND_PERMISSIONpermission for my receiver as mentioned in https://support.google.com/faqs/answer/9267555
However, when I created a new release and submitted it for review, I still got the same notification returning an Intent Redirection Vulnerability. Is there anything that I am doing incorrectly? Anything else I need to consider?
I added the following instead and it worked.
// ...
val intenetFilter = IntentFilter(SmsRetriever.SMS_RETRIEVED_ACTION)
registerReceiver(smsBroadcastReceiver, intenetFilter, SmsRetriever.SEND_PERMISSION, null)
Didn't need to do anything on Android Manifest. Only changed the line above.
- How to use GoogleAPIClient (deprecated) with SMSRetriver API in Android
- Installing two apk using one apk
- OutOfMemoryError while decoding and encoding Base64 String into Bitmap
- Critical security vulnerability in reCAPTCHA Enterprise
- Android Canvas: drawing too large bitmap
- Android: Notification Shows in Delay And Stops Updating When App Closed for 30 Seconds (on OnePlus 8T)
- what to do when the java.lang.illegalSateException (Module entity with name: .... should be available) occurs?
- How do I create a table in Jetpack Compose?
- Why are the received messages not showing up in the UI?
- Best way to perform a GET request without any other libraries
- Android custom textview
- How can i pass a HashMap to a react-native android callback?
- How do I make a disabled compose OutlinedTextField look like its enabled?
- Accidentally pressed don't allow install app and remember - Android Studio
- Huge unusable font size in Android Studio
- Android while driving logic
- how to use adb to change resolution of device
- Kotlin safe args direction is not generating
- Android Google Map, Polylines and zoom
- Out Of Memory Error When loading more images in Glide
- How to check Programmatically the volume of phone in android?
- There is always a default background on TextInputLayout in Android
- com.google.gson.JsonSyntaxException: java.lang.IllegalStateException in android
- LinkageError: Method onCreate overrides final method
- Java Android why delete a images does't delete
- Java Android Send a data to server application never use a onPostExecute()
- Java android fix Failed to crunch file
- Java android moshi parse Json to Object
- Java android android.view.WindowManager$BadTokenException: Unable to add window
- Java android Java.io.FileNotFoundException: No content provider: /storage/emulated/0/Android/data