Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Google Play has rejected the app because of vulnerability issue

See original GitHub issue

Your app contains an Intent Redirection vulnerability. Please see this Google Help Center article for details. Vulnerable classes: io.intercom.android.sdk.utilities.IntentUtils.safelyOpenIntent

I use react-native@0.62.2, react-native-intercom@17.0.0, and the package contains a vulnerable class so Google Play does not approve it. The intercom support team says that you should fix this error on the react-native module side. https://forum.intercom.com/s/question/0D52G00004YGl0tSAD/why-did-i-get-a-security-alert-from-the-google-play-console-when-uploading-a-recent-app-build

Can you help us with it, please?

Issue Analytics

State:
Created 3 years ago
Reactions:8
Comments:16

Top GitHub Comments

5reactions

andiradulescucommented, Nov 1, 2020

@twiking for anyone else reaching this page, I’m linking what exactly was removed from AndroidManifest.xml from the old README and needs to be removed.

            <service		
               android:name="com.robinpowered.react.Intercom.IntercomIntentService"		
               android:exported="false">		
               <intent-filter		
                 android:priority="999">		
                   <action android:name="com.google.android.c2dm.intent.RECEIVE"/>		
               </intent-filter>		
             </service>		
             <receiver		
               android:name="io.intercom.android.sdk.push.IntercomPushBroadcastReceiver"		
               tools:replace="android:exported"		
               android:exported="true" />

3reactions

abdullahizzuddiincommented, Jan 9, 2021

@BrantApps So, your app that has been approved is using rn-intercom vers 17.0.0 without any tweak?

I means, you just followed the instructions on README?

Top Results From Across the Web

Google Play store refused app based on a vulnerability, how ...

We rejected your app, with package name org.xxxxxx, for violating our Malicious Behavior or User Data policy. If you submitted an update, the ......

Google Play Rejected app because of SSL security vulnerability

"Your APK has been rejected for containing security vulnerabilities, which violates the Malicious Behavior policy." "Security alert" Your app is using a version ......

Device and Network Abuse - Play Console Help - Google Help

We don't allow apps that interfere with, disrupt, damage, or access in an unauthorized manner the user's device, other devices or computers, servers, ......

Android Application Rejected By Play Store For Intent ...

"Your app(s) are vulnerable to Intent Redirection." ... The issue can be reproduced at will with the following steps: 1. Build the signed...

App Rejected from Play Store, vulnerable version of libpng - C++

issue in this Google Help Center article. I guess I'm have to compile in a specific version of libpng - does anyone know...