Google Play has warned of "Your app(s) are vulnerable to Intent Redirection" after implementing the Razorpay Android Custom SDK

[Devenom1]

This is the warning I have received from Google Play after integrating Razorpay Android Custom SDK. Is there a solution to this issue? Libraries added: razorpay-android-3.8.10.aar razorpay-googlepay-1.3.0.aar tez-client-api-0.9.4.aar

"Hello Google Play Developer,

We reviewed , with package name , and found that your app uses software that contains security vulnerabilities for users. Apps with these vulnerabilities can expose user information or damage a user’s device, and may be considered to be in violation of our Malicious Behavior policy.

Below is the list of issues and the corresponding APK versions that were detected in your recent submission. Please migrate your apps to use the updated software as soon as possible and increment the version number of the upgraded APK."

[faisalmushtaq007]

Have you found any solution to this problem???

[Devenom1]

Not yet

[faisalmushtaq007]

what did you do for overcomming this issue?

[prakashreddyofferly]

I faced same issue in native android, I just changed the razorpay SDK version, issue solved

[faisalmushtaq007]

@prakashreddyofferly which version are you currently using???

[prakashreddyofferly]

1.5.16

[devendra-mcl]

I also faced this issue in native android. I use this version. implementation 'com.razorpay:checkout:1.6.3'

[e4basil]

I also faced this issue in native android. I use this version. implementation 'com.razorpay:checkout:1.6.3'

try with version '1.6.5'

[ashishverma93]

Hi,

I am also facing the same issue. I am using custom SDK 3.9.0.aar.

[Devenom1]

Hi, I confirm that this issue has been resolved. I have contacted Razorpay and they have confirmed it. I am currently using SDK Version 3.9.1 Razorpay seems to have taken off this version from https://razorpay.com/docs/payment-gateway/android-integration/custom/#step-1-install-razorpay-android-custom-sdk and rolled back to the previous version 3.9.0

I have faced some issue with v3.9.1. The biggest one is the getAppsWhichSupportUpi which used to previously return a list of supported upi app details. The upi app details were of the type ApplicationDetails class. Unfortunately with versions above 3.8.8 of the Razorpay Custom SDK this ApplicationDetails class is obsfucated. So calling getAppsWhichSupportUpi actually returns unreadable data.

They have confirmed that they are working on this.

And since they have rolled back to v3.9.0 I am guessing v3.9.1 had other issues which I haven't detected yet.

I hope this helps you guys.

[sumedht]

@Devenom1 You can find the latest version of SDK from here Also plz check if there are any older build in Alfa, beta stage in playstore. If it is, plz remove it & try to upload the app.

[Devenom1]

@sumedht Thanks for the update. I see v3.9.3 is also released on the Razorpay website. It would be really great. if you guys could post a changelog officially or even here.