tinycreative / react-native-intercom

React Native wrapper for Intercom.io
MIT License

Google rejects Android app because of "Your app(s) are vulnerable to Intent Redirection" #415

Closed charity-detalytics closed 3 years ago

charity-detalytics commented 3 years ago

After adding the following:

AndroidManifest.xml

<receiver
    android:name="io.intercom.android.sdk.push.IntercomPushBroadcastReceiver"
    tools:replace="android:exported"
    android:exported="true" />
<service
    android:name=".MainMessagingService"
    android:enabled="true"
    android:exported="true">
    <intent-filter>
        <action android:name="com.google.firebase.MESSAGING_EVENT" />
    </intent-filter>
</service>
<service android:name=".MainInstanceIdService" android:exported="false">
    <intent-filter>
        <action android:name="com.google.firebase.INSTANCE_ID_EVENT" />
    </intent-filter>
</service>

MainInstanceIdService.java

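import android.content.Intent;
import android.os.Bundle;
import android.util.Log;

import com.google.firebase.iid.FirebaseInstanceId;
import com.google.firebase.iid.FirebaseInstanceIdService;
import io.intercom.android.sdk.push.IntercomPushClient;

public class MainInstanceIdService extends FirebaseInstanceIdService {
  private final IntercomPushClient intercomPushClient = new IntercomPushClient();
  private static final String TAG = "InstanceIdService";

  @Override
  public void onTokenRefresh() {
    // Forward the refreshed FCM token to Intercom (the token is also written to logcat).
    String refreshedToken = FirebaseInstanceId.getInstance().getToken();
    intercomPushClient.sendTokenToIntercom(getApplication(), refreshedToken);
    Log.d(TAG, "Refreshed token: " + refreshedToken);

    // Re-broadcast the token under the react-native-firebase action name.
    Intent i = new Intent("io.invertase.firebase.messaging.FCMRefreshToken");
    Bundle bundle = new Bundle();
    bundle.putString("token", refreshedToken);
    i.putExtras(bundle);
    sendBroadcast(i);
  }
}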

MainMessagingService.java

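import android.util.Log;

import com.google.firebase.messaging.FirebaseMessagingService;
import com.google.firebase.messaging.RemoteMessage;
import io.intercom.android.sdk.push.IntercomPushClient;

import java.util.Map;

public class MainMessagingService extends FirebaseMessagingService {
    private static final String TAG = "MainMessagingService";
    private final IntercomPushClient intercomPushClient = new IntercomPushClient();

    @Override
    public void onMessageReceived(RemoteMessage remoteMessage) {
        Map<String, String> message = remoteMessage.getData();

        // Hand Intercom pushes to the Intercom SDK; everything else goes to the default handler.
        if (intercomPushClient.isIntercomPush(message)) {
            Log.d(TAG, "Intercom message received");
            intercomPushClient.handlePush(getApplication(), message);
        } else {
            super.onMessageReceived(remoteMessage);
        }
    }
}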

The new build gets rejected by the Google store with the reason: "Your app(s) are vulnerable to Intent Redirection"

abdullahizzuddiin commented 3 years ago

Hi @charity-detalytics, have you solved this issue? What did you do to solve this issue?

charity-detalytics commented 3 years ago

> Hi @charity-detalytics, have you solved this issue? What did you do to solve this issue?

Changing to this will solve the issue.

<receiver
    android:name="io.intercom.android.sdk.push.IntercomPushBroadcastReceiver"
    tools:replace="android:exported"
    android:exported="false" />
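
A manifest check for the change above, as an added example that is not part of the original thread or of the Intercom SDK: it lists the components other apps can send intents to, for the manifest as first posted and with the receiver set to `android:exported="false"`. The `com.example.app` package and the wrapping `<manifest>`/`<application>` elements are constructed for the sample.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = {"activity", "activity-alias", "service", "receiver"}

# Constructed sample: the components from this issue in a minimal manifest
# (com.example.app is a placeholder package name).
MANIFEST_TEMPLATE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:tools="http://schemas.android.com/tools" package="com.example.app">
  <application>
    <receiver
        android:name="io.intercom.android.sdk.push.IntercomPushBroadcastReceiver"
        tools:replace="android:exported"
        android:exported="{receiver_exported}" />
    <service android:name=".MainMessagingService"
        android:enabled="true" android:exported="true">
      <intent-filter>
        <action android:name="com.google.firebase.MESSAGING_EVENT" />
      </intent-filter>
    </service>
    <service android:name=".MainInstanceIdService" android:exported="false">
      <intent-filter>
        <action android:name="com.google.firebase.INSTANCE_ID_EVENT" />
      </intent-filter>
    </service>
  </application>
</manifest>"""

def exported_components(manifest_xml):
    """Return (tag, name, permission) for each component other apps can reach."""
    findings = []
    for app in ET.fromstring(manifest_xml).iter("application"):
        for comp in app:
            if comp.tag not in COMPONENT_TAGS:
                continue
            flag = comp.get(ANDROID_NS + "exported")
            if flag is None:
                # Legacy default: exported when an intent-filter is present.
                exported = comp.find("intent-filter") is not None
            else:
                exported = flag.lower() == "true"
            if exported:
                findings.append((comp.tag, comp.get(ANDROID_NS + "name"),
                                 comp.get(ANDROID_NS + "permission")))
    return findings

if __name__ == "__main__":
    for label, value in (("as posted", "true"), ("after fix", "false")):
        print(label, exported_components(MANIFEST_TEMPLATE.format(receiver_exported=value)))
```

A `None` in the third field means the exported component is not guarded by an `android:permission` attribute.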

TechSupportPlugnotes commented 3 years ago

Hello, does this solution work with react-native-intercom ^16.0.0? I receive the same information about Google dev and I prefer to be sure of that :)

NdaJunior commented 3 years ago

@TechSupportPlugnotes Did that change work for you as well?

TechSupportPlugnotes commented 3 years ago

> @TechSupportPlugnotes Did that change work for you as well?

I used a slightly more drastic solution: as I have no other element that uses notifications (FCM), I removed the overload on notifications and it works. Because by adding the overload the notifications did not work. So I removed MainMessagingService.java and the receiver.

afilp commented 2 years ago

What is the solution to this, please, if we do use all the code recommended by Intercom?