Closed Skeletonxf closed 10 months ago
I bealeve that ShowkaseBrowserActivity should not be included in a release build
@Skeletonxf Thanks for flagging. I see that this line was added in this PR (https://github.com/airbnb/Showkase/commit/469e14de06227d32974d2b3fa67646ff53013e17#diff-fdcbc654693654c9611addef6b4e7ef93e1ae16aa06522b1c02d9786a3d5ecb5R10) and I didn't catch it during the review. I've reached out to @oas004 to figure out why this was needed, otherwise I'm inclined to remove this line of code from the library.
Opened PR that fixes this - https://github.com/airbnb/Showkase/pull/355
Hi, as part of an automated security scan on an app I'm working on Showkase was flagged due to the Showkase browser activity being exported by default.
This is easily overridden app side via
however the default being set to true could be surprising for some users of this library? I had initially thought that if I disabled the in app means of launching the browser then it wouldn't be accessible in a production build of the app, but given it is exported by default another malicious app could theoretically open this, and perhaps gain access to data in the screenshots that they shouldn't if anything sensitive is there.