Actual Behavior
BrowserTab activity can be invoke by any third party app(malicious app). This is not the accepted behavior.
Query: I want to understand what security impact it will have if we kept android:exported='true' and is it really require to mark it "android:exported=''false"
Any third-party app can start this activity with no permission. If a malicious app constantly start the browser activity, our app will stop work.
MSAL Version: 2.2.2
AndroidManifest.xml: com.microsoft.identity.client.BrowserTabActivity android:exported='true'
Expected: com.microsoft.identity.client.BrowserTabActivity android:exported='false'
Actual Behavior BrowserTab activity can be invoke by any third party app(malicious app). This is not the accepted behavior.
Query: I want to understand what security impact it will have if we kept android:exported='true' and is it really require to mark it "android:exported=''false"