App Reject on Playstore

[Anujmoglix]

Hi , I was using Razorpay previously and it was working fine but for new build I am getting issue

Your app contains an Intent Redirection vulnerability. Please see this Google Help Center article for details. Vulnerable classes: com.razorpay.AutoReadOtpHelper.onReceive Please fix the issue before: 12/14/2020 Affects APK versions 4194329, 3145753, 2097177 and others.

code is

RazorpayCheckout.open(options).then((data) => {
      // handle success
      console.log(data)
})

Any Solution for this ?

[vivekshindhe]

@Anujmoglix Hey, thanks for reaching out to us.

We've solved this issue and will be live in the next version. I Will update here once that happens.

Thanks

[Anujmoglix]

Should I downgrade "react-native-razorpay" package version ? Please provide specific version number in which it is working .

[abhi92]

@vivekshindhe facing the same problem on version 2.0.18

[vivekshindhe]

@Anujmoglix @abhi92 Yes. You don't have to downgrade the version. You will need to upgrade it. Will post it here once it's live. It's already in the process.

Thanks.

[Anujmoglix]

Ok , Waiting for the latest version to released .

Thanks .

[ivinantony]

Me too got the same error when i published the app to playstore and the application still not live. Let me know that the app will reject by the playstore or will be live??. They says to fix the issue and upload apk again.please help me

[ivinantony]

Ok , Waiting for the latest version to released .

Thanks .

Is your app is live or rejected

[Anujmoglix]

Hi @chaloexam , I have removed this plugin and did some code . Now app is live on store.

[pravinfullstack]

same here

[mgsbabu]

We are facing the same issue.

Because of this, all of our updates into app stores are on hold. Please speedup the fix

Thanks

[J-Ghodasara]

Facing the same issue.

Please provide the new version ASAP.

Thanks.

[gkcom123]

I too have same issue

[Unitybees]

I am also facing the same issue. Please provide the new version as soon as possible.

[malyalavenu]

This is the message we received from Google support team

Thanks for contacting Google Play Developer Support. I understand you have some questions about the security vulnerability of your app.

I see that version <#> of your app has this file in it, which contains a vulnerable version of intent_redirection:

com.razorpay.AutoReadOtpHelper.onReceive For this issue, you may need to follow the instruction here to address the issue: https://support.google.com/faqs/answer/9267555?hl=en

The app is rejected, please provide the new the razorPay upgrade asap.

[Nautiyalsachin]

Hey @malyalavenu, We are working on this issue, we need some time to release the fix as it can break more things, please give us some time till 30 September, we will be releasing a fix for this soon. Thank you.

[pchvramesh]

Facing the same issue. Please release new build as soon as possible. Or provide workaround, so that our apps will get deployed in to playstore with out issues.

[rajawatyagya]

Facing the same issue, removed it for now. Waiting for the new release.

[kevivmatrix]

Any update/timeline on this issue?

[vivekshindhe]

Hey, yes. We have made the release on the native platforms. This will be released by tomorrow. Thanks

On Wed, Sep 30, 2020 at 6:16 PM keviv vivek notifications@github.com wrote:

Any update/timeline on this issue?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/razorpay/react-native-razorpay/issues/291#issuecomment-701367067, or unsubscribe https://github.com/notifications/unsubscribe-auth/ANXT3EQXPUY3FP6KDIIU2YLSIMSB5ANCNFSM4RONA7ZA .

--

IMPORTANT: The contents of this email and any attachments are confidential and protected by applicable laws. If you have received this email by mistake, please (i) notify the sender immediately; (ii) delete it from your database; and (iii) do not disclose the contents to anyone or make copies thereof. Razorpay accepts no liability caused due to any inadvertent/ unintentional data transmitted through this email.

---

[techyrajeev]

@NarasimhaSwamy @Nautiyalsachin @vivekshindhe can downgrading the react-native-razor-pay sdk will help? If yes please let me know to what version we should downgrade? Also please suggest some alternative solutions which can be opted in just as immediate fix. Currently using - "react-native-razorpay": "^2.2.0"

[vivekshindhe]

Hello all, a new version of react-native-razorpay is available 2.2.1. Please ensure to reinstall the package completely, also removing cache.

[raaz438]

Hi Vivek,

Still facing same problem, Can you pls suggest me .where i can do changes in the package . or any link to solve this issue. pls post here

[pchvramesh]

Hello all, a new version of react-native-razorpay is available 2.2.1. Please ensure to reinstall the package completely, also removing cache.

Did this work for any... Please provide your feedback. This will help others to go ahead with this release.

[vivekshindhe]

Hey Ramesh, could you tell us what didn't work for you?

On Fri, 9 Oct, 2020, 5:50 pm Ramesh Kumar, notifications@github.com wrote:

Hello all, a new version of react-native-razorpay is available 2.2.1. Please ensure to reinstall the package completely, also removing cache.

Did this work for any... Please provide your feedback. This will help others to go ahead with this release.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/razorpay/react-native-razorpay/issues/291#issuecomment-706148362, or unsubscribe https://github.com/notifications/unsubscribe-auth/ANXT3ETLBXS5LHPJNB6H5CLSJ35YPANCNFSM4RONA7ZA .

--

IMPORTANT: The contents of this email and any attachments are confidential and protected by applicable laws. If you have received this email by mistake, please (i) notify the sender immediately; (ii) delete it from your database; and (iii) do not disclose the contents to anyone or make copies thereof. Razorpay accepts no liability caused due to any inadvertent/ unintentional data transmitted through this email.

[raaz438]

Hi Vivek, Still same issue facing.. Your app contains an Intent Redirection vulnerability. Please see this Google Help Center article for details. Vulnerable classes: com.razorpay.AutoReadOtpHelper.onReceive

pls help us

[malyalavenu]

Hi Vivek, Still same issue facing.. Your app contains an Intent Redirection vulnerability. Please see this Google Help Center article for details. Vulnerable classes: com.razorpay.AutoReadOtpHelper.onReceive

pls help us

We did a release with the 2.2.1 npm package of razorpay and the error disappeared. Google play store hasn't complained of any vulnerabilities, yet. We may do another release in the next week or so and will let you guys know if google flags it

[raaz438]

When it will be release?..All are stuck with this problem .from last 4 weeks

[vivekshindhe]

@raaz438 if you check the comments you'll notice that we have already released it. v2.2.1

[sumedht]

@raaz438 plz update to latest version 2.2.1 which we have released with this fix