razorpay / react-native-razorpay

React Native wrapper for Razorpay's mobile SDKs
https://www.npmjs.com/package/react-native-razorpay
MIT License
124 stars 107 forks source link

Security auditing issue #304

Closed akhil-evolvier closed 3 years ago

akhil-evolvier commented 3 years ago

During our security auditing, we found some issues with following,

  1. Broadcast Receiver (com.learnium.RNDeviceInfo.RNDeviceReceiver) is not Protected.
  2. Broadcast Receiver (com.razorpay.RzpTokenReceiver) is not Protected.

anyone faced this issue. Can you please help with this?

Nautiyalsachin commented 3 years ago

Hi @yedu890, we have Proguard rules specific to this issue. Please include these in your build.

Also if it's not confidential then you can share them with us here, so that we can look into more depth.

Let us know how the audit goes for you after including the above changes.

Nautiyalsachin commented 3 years ago

Closing this issue due to inactivity. Feel free to add comments or re-open the issue if this issue still persists.