1

I have just got a rejection of my app update with the message below.

Your app(s) are vulnerable to Intent Redirection.

com.facebook.CustomTabMainActivity->onCreate
 

I am using Facebook login in the app, and it uses the activities defined below. A simple solution could be to set exported="false", but even my build is not working; I get the build error "error MSB6006: "java.exe" exited with code 1." I am using Xamarin. I am not sure if that is related to it, but I guess not.

    <activity android:name="com.facebook.CustomTabMainActivity" android:exported="true" />
    <activity android:name="com.facebook.CustomTabActivity" android:exported="true">
        <intent-filter>
            <action android:name="android.intent.action.VIEW" />
            <category android:name="android.intent.category.DEFAULT" />
            <category android:name="android.intent.category.BROWSABLE" />
            <data android:scheme="@string/fb_login_protocol_scheme" />
        </intent-filter>
    </activity>

If I understand correctly, exported=false is also not a good solution, as I need data from another app. In this case, if the user has the Facebook app installed and the login details should be delivered from the Facebook app, exported=false makes the activity private and it cannot receive the data. So what could be a possible solution here?

Emil
  • `I get a build error " error MSB6006: "java.exe" exited with code 1."` How can we reproduce this problem? Could you please post the steps of reproducing this problem? – Jessie Zhang -MSFT Jan 10 '22 at 05:59

2 Answers

0

You have a duplicate, the first line is not necessary.

    <activity android:name="com.facebook.CustomTabMainActivity" android:exported="true" />

Only use the rest and the sign in works.

Michael O
  • This should be a comment, and it is not a duplicate: one of them is CustomTabMainActivity, the other is CustomTabActivity – Emil Feb 01 '22 at 20:11
  • Well the vulnerability is in the first one, what are you using this for? – Michael O Feb 02 '22 at 10:45
  • I am not entirely sure, but I was getting an error that the activity was not found and, as stated here, I have just added it to the manifest. https://stackoverflow.com/questions/49529383/android-facebook-sdk-4-31-0-activitynotfoundexception-in-customtabloginmetho Anyway, that is not even the problem. Even if you remove it, the error remains. – Emil Feb 02 '22 at 13:56
  • @Emil are you sure the error is still "com.facebook.CustomTabMainActivity->onCreate" when you remove the whole line and only leave the other CustomTabActivity? – Michael O Feb 03 '22 at 15:53
  • Yes, I already did. I have found that it was caused by the manifest merger. – Emil Feb 03 '22 at 23:13
0

I have found the problem with a diagnostic build. I have an Android library in the project which also has a Manifest file. Indeed, the Manifest in my Android library project didn't have anything within the application tags, as shown below.

    <application />

But somehow the setting is applied twice, once with true and once with false. I am not sure why, but within the logs I found a message like "at the line xx android:exported="false" and other line yy android:exported="true" use tools:replace". This seems to be caused by the Manifest merger, and simply setting it as below solved the error; now it builds fine and works as well.

    <activity android:name="com.facebook.CustomTabActivity"
        tools:replace="android:exported" android:exported="false">

I hope that it helps in case anyone comes across the same issue.

Emil
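The merger conflict described in the answer above can be checked for before building. This is an added example, not code from the thread or from the Facebook SDK: it compares an app manifest with a library manifest (both constructed here) and reports activities whose `android:exported` values differ without `tools:replace`, plus exported activities that have no intent filter. It assumes fully qualified activity names; `tools:replace` also needs `xmlns:tools` declared on the manifest root.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"
T = "{http://schemas.android.com/tools}"
NS = ('xmlns:android="http://schemas.android.com/apk/res/android" '
      'xmlns:tools="http://schemas.android.com/tools"')

# Constructed manifests: APP mirrors the question, LIB is a hypothetical library.
APP = f"""<manifest {NS} package="com.example.app"><application>
  <activity android:name="com.facebook.CustomTabMainActivity" android:exported="true" />
  <activity android:name="com.facebook.CustomTabActivity" android:exported="true">
    <intent-filter>
      <action android:name="android.intent.action.VIEW" />
      <category android:name="android.intent.category.BROWSABLE" />
      <data android:scheme="fbexample" />
    </intent-filter>
  </activity>
</application></manifest>"""
LIB = f"""<manifest {NS} package="com.example.lib"><application>
  <activity android:name="com.facebook.CustomTabMainActivity" android:exported="false" />
</application></manifest>"""

def activities(manifest_xml):
    """Map activity name -> element (names assumed fully qualified)."""
    root = ET.fromstring(manifest_xml)
    return {a.get(A + "name"): a for a in root.iter("activity")}

def exported_conflicts(app_xml, lib_xml):
    """Activities whose android:exported differs between the two manifests
    while the app side lacks tools:replace="android:exported"."""
    app, lib = activities(app_xml), activities(lib_xml)
    out = []
    for name in sorted(app.keys() & lib.keys()):
        app_val = app[name].get(A + "exported")
        lib_val = lib[name].get(A + "exported")
        replaced = "android:exported" in app[name].get(T + "replace", "").split(",")
        if app_val and lib_val and app_val != lib_val and not replaced:
            out.append((name, app_val, lib_val))
    return out

def exported_without_filter(manifest_xml):
    """Exported activities with no intent-filter: reachable by explicit
    Intent from any installed app, so each one deserves a review."""
    return sorted(n for n, a in activities(manifest_xml).items()
                  if a.get(A + "exported") == "true" and a.find("intent-filter") is None)

if __name__ == "__main__":
    print(exported_conflicts(APP, LIB))
    print(exported_without_filter(APP))
```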