4

I understand what an intent redirection vulnerability issue is, and I am aware of the solutions. But I am having trouble finding the origin of this issue. Play Console is reporting that the error lies here: androidx.fragment.app.FragmentActivity.startActivityForResult.

I am using AppCompatActivity throughout the app, so I have checked every startActivityForResult in my app. None of them is forwarding an unsafe intent. I think this is from some third-party library; I am using many of them. Play Console is not giving me much information, so I am unable to find the root of this security threat.

Are there any tools/methods to trace the intent redirection vulnerability issue? Especially if it is originating from a third-party library, how can we trace it? After applying the fix, how can we ensure the issue is resolved before submitting it to the Play Console?

Rijo Kuriakose

1 Answer

3

I also faced the same issue. I contacted Google Play support for more details, but I got the same reply. The possible remedy is to use an app scanner to find security vulnerabilities. On searching, I found some software for this job. The article which helped me was "Mobile App Scanner". From the list, I found this one very useful: Mobile Security Framework (MobSF). The installation procedure is also there in this link. I scanned my app using it and got some valid vulnerabilities, which helped me to pass the Google Play policy hurdle. Hope someone finds this helpful.

Pratheesh
  • Hi, I am facing the same issue. Can you tell me what major vulnerabilities you fixed to pass the Google Play policy? – Simon Chius Mar 16 '21 at 21:02
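
One way to narrow down which library forwards an unsafe intent, as an added example that is not part of the original question or answer: a heuristic scan for an Intent read from extras and then passed to a launch call. It assumes the APK and its libraries have already been decompiled to Java sources (for instance with jadx); the function names and the sample snippet are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# An Intent read out of the incoming Intent's extras, i.e. caller-controlled input.
EXTRACT = re.compile(r"\bIntent\s+(\w+)\s*=\s*[^;]*\bgetParcelable(?:Extra)?\s*\(")
# A launch call whose first argument is a plain variable name.
LAUNCH = re.compile(
    r"\b(startActivity(?:ForResult)?|startService|sendBroadcast)\s*\(\s*(\w+)\b"
)

def find_intent_forwarding(source):
    """Return (variable, extracted_line, launch_call, launch_line) candidates.

    Heuristic: no scope or data-flow tracking, and any validation between the
    two lines is not recognised, so every hit still needs a manual review.
    """
    tainted, findings = {}, []
    for number, line in enumerate(source.splitlines(), start=1):
        match = EXTRACT.search(line)
        if match:
            tainted[match.group(1)] = number
        for call, arg in LAUNCH.findall(line):
            if arg in tainted:
                findings.append((arg, tainted[arg], call, number))
    return findings

def scan_tree(root):
    """Scan every .java file under root (the decompiler's output directory)."""
    report = {}
    for path in Path(root).rglob("*.java"):
        hits = find_intent_forwarding(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample of the pattern as it could look in a decompiled library.
SAMPLE = '''
protected void onCreate(Bundle state) {
    super.onCreate(state);
    Intent next = (Intent) getIntent().getParcelableExtra("next_intent");
    startActivityForResult(next, 1);
    Intent own = new Intent(this, SettingsActivity.class);
    startActivity(own);
}
'''

if __name__ == "__main__":
    found = (scan_tree(sys.argv[1]) if len(sys.argv) > 1
             else {"SAMPLE": find_intent_forwarding(SAMPLE)})
    for name, hits in found.items():
        for var, src, call, dst in hits:
            print(f"{name}: '{var}' from extras (line {src}) -> {call} (line {dst})")
```

The package path of each reported file shows which library owns the code; running the same scan on the rebuilt app after the fix gives a quick local check before resubmitting.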