Google rejecting my app and i'm having trouble with this security error that appear when i submit app as production release:
Implicit Internal Intent
Your app contains an Implicit Internal Intent vulnerability. Please see this Google Help Center article for details.
com.mypackage.name.sync.SyncService.onHandleIntent
I applied all recommendations listed here: Remediation for Implicit PendingIntent Vulnerability
But the error still persists.
My service:
public class SyncService extends IntentService {
protected void onHandleIntent(Intent intent) {
...
Intent i = new Intent("com.mypackage.name.REFRESH");
app.sendBroadcast(i);
...
}
}
Manifest:
<service
android:name=".sync.SyncService"
android:exported="false" >
</service>
The service started in many places in 3 methods like this: (As recommended by google i did add PendingIntent.FLAG_IMMUTABLE)
Method 1:
Intent intent = new Intent(this, SyncService.class);
PendingIntent pIntent = PendingIntent.getService(this, 0, intent,
PendingIntent.FLAG_IMMUTABLE | PendingIntent.FLAG_UPDATE_CURRENT);
AlarmManager alarmMgr = (AlarmManager) this.getSystemService(Context.ALARM_SERVICE);
alarmMgr.setRepeating(AlarmManager.ELAPSED_REALTIME_WAKEUP, triggerAtMillis,
SYNC_FREQUENCY, pIntent);
Method 2:
Intent intent = new Intent("com.mypackage.name.REFRESH");
intent = new Intent(getApplicationContext(), SyncService.class);
intent.putExtra("notification_unassigned_sync", true);
startService(intent);
Method 3:
Intent intent = new Intent(getApplicationContext(), SyncService.class);
startService(intent);
Is there anything wrong in my code ? Any recommendations ?
from Your app contains an Implicit Internal Intent vulnerability
No comments:
Post a Comment