Stack Overflow
Stack Overflow

Questions tagged [android-security]

Tag used by Android in Security Alert messages to developers. The Security Alert message is often accompanied with a Google-Play rejection. AOSP instructions state to tag a question with it.

Tag used by Android in Security Alert messages to developers. The Security Alert message is often accompanied with a Google-Play rejection. AOSP instructions state to tag a question with it.

656 questions
16
votes
7 answers

Your app contains an Intent Redirection vulnerability

I launched a game to the Google Play store recently and it was going good until now. I just received an email from Google that says that "One or more of your apps contains an Intent Redirection vulnerability that puts user data at risk " and tells…
Ihsan Ali
  • 179
  • 1
  • 1
  • 4
16
votes
2 answers

How Can the Settings App Start an App's Non-Exported Activity?

Android N lets you link an activity of yours into your app's page in Settings. Just add an for android.intent.action.APPLICATION_PREFERENCES. Android N's Settings app will look for the activity in your app that has that…
CommonsWare
  • 986,068
  • 189
  • 2,389
  • 2,491
15
votes
3 answers

Get checksum of the source codes in Android library

I am developing an android library and I want to apply a tamper-detection mechanism to my code, since it calls some sensitive financial web services. What I'm going to implement is to calculate the checksum of the apk ( or important parts of it),…
Farhad
  • 12,178
  • 5
  • 32
  • 60
15
votes
1 answer

How to get Usage Access Permission programmatically

My app needs to have Usage Access Permission in order to get information about the current running app on user's phone. I am able to successfully implement it using the following code with the help from the following link. Usage Access apps Here is…
Vivek Mishra
  • 5,669
  • 9
  • 46
  • 84
14
votes
1 answer

Android 10 android.security.keymaster.ExportResult.resultCode NullPointerException crash

My app is getting single crashes reports from Android 10 users only. This is the stacktrace: Fatal Exception: java.lang.NullPointerException: Attempt to read from field 'int android.security.keymaster.ExportResult.resultCode' on a null object…
Grabiarz
  • 141
  • 5
14
votes
3 answers

Mapping between Android permissions (that we define in the manisfest file ) to corresponding API calls /methods

Where can I find the mapping between Android permissions (that we define in the manisfest file ) to corresponding API calls /methods? For example GET-ACCOUNTS” is a permission type which maps to getAccountsByType(), getDeviceId(), and…
v09
  • 840
  • 2
  • 12
  • 22
13
votes
3 answers

(GCP) API keys. Your app contains exposed Google Cloud Platform (GCP) API keys

Getting error when uploading build in google play store console. The error is following. Leaked GCP API Keys Your app contains exposed Google Cloud Platform (GCP) API keys. The culprit code is following. Places.initialize(getApplicationContext(),…
Kamran Omar
  • 1,815
  • 9
  • 31
  • 49
13
votes
1 answer

Allow screenshots using FLAG_SECURE

With FLAG_SECURE, screen capture is not allowed. I would like my application to be able to capture the screen, but to be blured or hidden when it goes to the background. Would you know any way to do this? Is it possible to do it with FLAG_SECURE? I…
A981K
  • 193
  • 1
  • 1
  • 7
13
votes
6 answers

Google Play Security Alert - Your app is using an unsafe implementation of the HostnameVerifier

Recently one of my app got a security alert from Google Play as below. You app is using an unsafe implementation of the HostnameVerifier. And refer a link to Google Play Help Center article for details regarding to fixing and deadline of…
Priyank Patel
  • 12,244
  • 8
  • 65
  • 85
13
votes
2 answers

Google Play Warning: WebViewClient.onReceivedSslError handler

I recently received an email from Google with the following subject : "Google Play Warning: SSL Error Handler Vulnerability". In this email, Google explains that my app has an ["unsafe implementation of the WebViewClient.onReceivedSslError handler.…
Vivek Mittal
  • 161
  • 1
  • 1
  • 3
13
votes
5 answers

SSL Warning from google play

Got warning from google play. How can i handle "SSL Error Handler Vulnerability" of unsafe implementation of the WebViewClient.onReceivedSslError handler. "Please address this vulnerability as soon as possible and increment the version number of the…
Vishal Chaudhari
  • 403
  • 1
  • 6
  • 13
12
votes
2 answers

"Your app contains unsafe cryptographic encryption patterns" - How I can get rid of this warning?

Few days ago, In "Pre-launch report for APK" in Google Play Console, it start to flag me Unsafe encryption Detected in APK ??? Your app contains unsafe cryptographic encryption patterns. Please see this Google Help Centre article for…
Cheok Yan Cheng
  • 47,586
  • 132
  • 466
  • 875
12
votes
2 answers

Google Play Warning: WebViewClient.onReceivedSslError handler

I got an email from Google with the following subject : Google Play Warning: SSL Error Handler Vulnerability". In this email, Google explains that my app has an ["unsafe implementation of the WebViewClient.onReceivedSslError handler" Here's my…
user1986760
  • 813
  • 2
  • 10
  • 19
12
votes
5 answers

You are using an unsafe implementation of X509TrustManager

I've an app in Google Play, today I received a mail from Google saying that: Google Play warning: You are using an unsafe implementation of X509TrustManager It says something about the SSL certificate issues and a way to solve the issue. I'm…
Midhun MP
  • 103,496
  • 31
  • 153
  • 200
12
votes
1 answer

Use KeyPairGeneratorSpec for Android API level < 18?

I want to store secret data in the private keystore of my app. However, as I was working on the code to do this, Android Studio warned that KeyPairGeneratorSpec.Builder(context) requires API level 18 and I'm targeting 14 as a minimum. :-( How can I…
Someone Somewhere
  • 23,475
  • 11
  • 118
  • 166
1
2
3
43 44