Remediation for Implicit PendingIntent Vulnerability
Hello! We are happily using react-native-push-notification in our app. At our latest update, Google contacted us because of a potential vulnerability due to implicit pending-intents within our app. A complete article that describes this security breach can be found here. After searching through our code I found these lines of code, which look similar to the implicit intent pattern described in the article:
// RNPushNotificationHelper.java
Intent notificationIntent = new Intent(context, RNPushNotificationPublisher.class);
...
return PendingIntent.getBroadcast(context, notificationID, notificationIntent, PendingIntent.FLAG_UPDATE_CURRENT);
Has anyone using this package received the same warning from Google? Do you think the above method could be related to that? Thanks for your help!
Issue Analytics
- State:
- Created 2 years ago
- Reactions:4
- Comments:9
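For comparison with the snippet in the issue, here is an added example (not the library's code and not the patch mentioned in the comments) of a broadcast PendingIntent built from an explicit base Intent and marked immutable. The class and method names `SafePendingIntents`, `forReceiver`, `wrap` and `isExplicit` are hypothetical; only the Android SDK calls are real.

```java
import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;
import android.os.Build;
import android.os.Bundle;

// Added example: hypothetical helper, not part of react-native-push-notification.
final class SafePendingIntents {
    private SafePendingIntents() {}

    /** Broadcast PendingIntent aimed at one receiver class inside this app. */
    static PendingIntent forReceiver(Context context, int requestCode,
                                     Class<?> receiverClass, Bundle extras) {
        // Explicit intent: the component is fixed, so delivery cannot be
        // resolved to a receiver in another package.
        Intent intent = new Intent(context, receiverClass);
        intent.setPackage(context.getPackageName());
        if (extras != null) {
            intent.putExtras(extras);
        }
        return wrap(context, requestCode, intent);
    }

    /** Refuses to wrap a base Intent that names no component. */
    static PendingIntent wrap(Context context, int requestCode, Intent base) {
        if (!isExplicit(base)) {
            throw new IllegalArgumentException(
                    "base Intent is implicit; set a component before wrapping it");
        }
        int flags = PendingIntent.FLAG_UPDATE_CURRENT;
        // FLAG_IMMUTABLE exists from API 23. With it, the app that sends the
        // PendingIntent cannot fill in or change fields of the base Intent.
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
            flags |= PendingIntent.FLAG_IMMUTABLE;
        }
        return PendingIntent.getBroadcast(context, requestCode, base, flags);
    }

    /** An Intent is explicit when its target component is set. */
    static boolean isExplicit(Intent intent) {
        return intent.getComponent() != null;
    }
}
```

Apps that target API 31 or higher must pass either FLAG_IMMUTABLE or FLAG_MUTABLE whenever they create a PendingIntent, so the flag handling above is needed there regardless of the Play Console warning.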
Top GitHub Comments
So I manually patched the version I had been using, it was really old so you might need to adjust for your version. Once I have updated my apps to the latest version of this lib I can make a PR to resolve this if it is still a problem with latest. The app that passed review is using react-native-push-notification@3.1.9. Here is my patch that passed review:
I'm having this issue even with 8.1.1. Can we create a pull request based on @bjacog's changes?