onaio / steps-app

WHO STEPS App
Apache License 2.0

Investigate the Bootstrap Activity #195

Closed bkimondiu closed 2 years ago

bkimondiu commented 2 years ago

The auditor shared the following:

(androidx.test.core.app.InstrumentationActivityInvoker$BootstrapActivity) is not Protected. 
[android:exported=true]

(androidx.test.core.app.InstrumentationActivityInvoker$EmptyActivity) is not Protected. 
[android:exported=true]

(androidx.test.core.app.InstrumentationActivityInvoker$EmptyFloatingActivity) is not Protected. 
[android:exported=true]

With the description that an Activity is found to be shared with other apps on the device, therefore leaving it accessible to any other application on the device.

owais-vd commented 2 years ago

All three activities have no security implications, as they are all launchable instrumentation test activities and are intentionally set to exported=true by the library. A launchable activity must be exported as of Android 12.

cc: @bkimondiu @ukanga @ekigamba

ekigamba commented 2 years ago

@owais-vd Are these activities disabled in the release version? If not, can we disable them since we do not currently use instrumentation testing.

owais-vd commented 2 years ago

> @owais-vd Are these activities disabled in the release version? If not, can we disable them since we do not currently use instrumentation testing.

Now, these activities are disabled in the release build.
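As an added example (not the project's own change, and the thread does not say how the activities were disabled): one way to keep these three library activities out of a release build is a release-only manifest overlay that tells the manifest merger to drop them. It assumes the standard Gradle `src/release/AndroidManifest.xml` source-set location; the activity names are the ones quoted in the audit finding.

```xml
<!-- Added example: src/release/AndroidManifest.xml (assumed path).
     The merger applies this overlay only to the release build, so the
     activities remain available to instrumentation test builds. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:tools="http://schemas.android.com/tools">

    <application>
        <!-- Remove the exported androidx.test activities named in the audit -->
        <activity
            android:name="androidx.test.core.app.InstrumentationActivityInvoker$BootstrapActivity"
            tools:node="remove" />
        <activity
            android:name="androidx.test.core.app.InstrumentationActivityInvoker$EmptyActivity"
            tools:node="remove" />
        <activity
            android:name="androidx.test.core.app.InstrumentationActivityInvoker$EmptyFloatingActivity"
            tools:node="remove" />
    </application>
</manifest>
```

If androidx.test:core is only needed for instrumentation tests, declaring it with androidTestImplementation rather than implementation keeps its manifest entries out of the release build entirely. Either way, confirm the result with `aapt2 dump xmltree --file AndroidManifest.xml app-release.apk` and check that no InstrumentationActivityInvoker activities remain.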