Fix cross-app scripting vulnerability in OAuthActivity
Implementation Details :construction:
Google Play Store's recommends an option to fix this security vulnerability, which is to not export the affected WebView Activity (OAuthActivity). See here for more details on the recommendations: https://support.google.com/faqs/answer/9084685?hl=en-GB
Here is the original change where OAuthActivity was initially exported. The intention of the original fix was to prevent OAuthActivity from being recreated upon screen reorientation. This fix is achieved with the addition of android:configChanges="orientation|screenSize", whereas exporting the activity is not required.
Testing Details :mag:
Verified that OAuthActivity is not being recreated upon screen rotation
Issue Link :link:
Goals :soccer:
OAuthActivity
Implementation Details :construction:
OAuthActivity
). See here for more details on the recommendations: https://support.google.com/faqs/answer/9084685?hl=en-GBOAuthActivity
was initially exported. The intention of the original fix was to prevent OAuthActivity from being recreated upon screen reorientation. This fix is achieved with the addition ofandroid:configChanges="orientation|screenSize"
, whereas exporting the activity is not required.Testing Details :mag: