aws-amplify / aws-sdk-android

AWS SDK for Android. For more information, see our web site:
https://docs.amplify.aws

App rejected by Google because of Intent Redirection #3292

Closed mrkiwi closed 1 year ago

mrkiwi commented 1 year ago

Describe the bug Hi. I'm facing some problems getting my app through Google Play review. When I tried to release a new version of the app, it was rejected with the following message:

Your app(s) are vulnerable to Intent Redirection.
com.amazonaws.mobileconnectors.cognitoauth.activities.CustomTabsManagerActivity.handleAuthorizationComplete

I've gotten this message for the last few releases, but it was always approved until now.

Which AWS service(s) are affected?

aws-android-sdk-mobile-client
aws-android-sdk-cognitoauth

Environment Information (please complete the following information):

Additional context Here's the list of libraries that I use in my project:

    implementation ("com.amazonaws:aws-android-sdk-mobile-client:2.57.0@aar")
    implementation('com.amazonaws:aws-android-sdk-cognitoauth:2.57.0@aar')
    implementation('com.amazonaws:aws-android-sdk-auth-userpools:2.57.0@aar')
    implementation('com.amazonaws:aws-android-sdk-auth-ui:2.57.0@aar')

I also tried updating to version 2.69.0, but CustomTabsManagerActivity is still present in the library. Also, according to my research, the problem is setting a result alongside the getIntent() call.

tylerjroach commented 1 year ago

Hi @mrkiwi,

Please make sure that you have not added CustomTabsManagerActivity to your manifest with an exported=true flag. Our SDK already adds this activity to the manifest with an exported=false flag. This activity should not handle intent-filters directly. Please implement HostedUI authentication following the instructions in our documentation here: https://docs.amplify.aws/sdk/auth/hosted-ui/q/platform/android/#setup-amazon-cognito-hosted-ui-in-android-app.
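
The check a practitioner wants after reading the reply above is a way to confirm what the *merged* manifest actually declares, since an `android:exported="true"` entry in any app module wins over the library's `exported="false"` once the manifest merger has run. The script below is an added example and is not part of aws-sdk-android or the issue thread: it walks a manifest, lists every activity that other apps can start, and flags the SDK's CustomTabsManagerActivity if it has been made reachable. The embedded manifest is constructed for the example; the `CustomTabsRedirectActivity` entry is assumed to be the intent-filter-bearing activity the HostedUI setup docs have you declare, and the `myapp://callback` redirect scheme is a placeholder.

```python
"""Flag Android activities that other apps can start, using the merged manifest.

Added example for this issue; not code from aws-sdk-android.
"""
import sys
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# The SDK declares this activity with android:exported="false"; an app module
# that re-declares it as exported="true" overrides that during manifest merging.
SDK_PRIVATE_ACTIVITIES = {
    "com.amazonaws.mobileconnectors.cognitoauth.activities.CustomTabsManagerActivity",
}

# Constructed sample of a merged manifest that reproduces the misconfiguration
# from the thread. Activity and scheme names other than CustomTabsManagerActivity
# are assumptions for the example.
SAMPLE_MERGED_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <application>
    <!-- BAD: an app submodule re-declares the SDK's private activity as exported. -->
    <activity
        android:name="com.amazonaws.mobileconnectors.cognitoauth.activities.CustomTabsManagerActivity"
        android:exported="true" />
    <!-- Assumed per the HostedUI docs: only the redirect activity carries the
         browser callback intent-filter, so it is the one meant to be exported. -->
    <activity
        android:name="com.amazonaws.mobileconnectors.cognitoauth.activities.CustomTabsRedirectActivity"
        android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />
        <data android:scheme="myapp" android:host="callback" />
      </intent-filter>
    </activity>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN" />
        <category android:name="android.intent.category.LAUNCHER" />
      </intent-filter>
    </activity>
  </application>
</manifest>
"""


def _attr(elem, name):
    """Read an attribute from the android: namespace."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def exported_activities(manifest_xml):
    """Return (activity_name, reason) for every <activity> reachable from other apps.

    Two cases count: an explicit android:exported="true", or no exported attribute
    at all on an activity that has an <intent-filter> (the implicit pre-API-31
    default; targetSdk 31+ builds reject the missing attribute outright).
    """
    root = ET.fromstring(manifest_xml)
    findings = []
    for activity in root.iter("activity"):
        name = _attr(activity, "name")
        exported = _attr(activity, "exported")
        has_filter = activity.find("intent-filter") is not None
        if exported == "true":
            findings.append((name, 'android:exported="true"'))
        elif exported is None and has_filter:
            findings.append((name, "intent-filter without android:exported (implicitly exported)"))
    return findings


def check_cognitoauth(manifest_xml):
    """Return the SDK-private cognitoauth activities that the merged manifest exposes."""
    return [name for name, _ in exported_activities(manifest_xml)
            if name in SDK_PRIVATE_ACTIVITIES]


if __name__ == "__main__":
    # Pass the merged manifest path to check a real build; otherwise use the sample.
    xml_text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_MERGED_MANIFEST
    for name, reason in exported_activities(xml_text):
        print("exported:", name, "-", reason)
    bad = check_cognitoauth(xml_text)
    if bad:
        print("SDK-private activity exposed (remove the override from your manifest):", *bad)
    else:
        print("CustomTabsManagerActivity is not exported")
```

Point it at the merger's output, which the Android Gradle plugin writes under `build/intermediates/merged_manifests/<variant>/AndroidManifest.xml` (path assumed from the standard AGP layout), or at the manifest dumped from the release APK with `apkanalyzer manifest print app-release.apk`. If CustomTabsManagerActivity shows up as exported, search every module's manifest for that activity name; the fix is to delete the override rather than to add attributes to it, and to leave the intent-filter on the redirect activity the HostedUI setup describes.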

mrkiwi commented 1 year ago

@tylerjroach Thanks for helping! Found exported=true in one of the submodules and changed it to HostedUI authorization. Big thanks!