Monday, 31 January 2022

Your app contains an Implicit Internal Intent vulnerability

Google is rejecting my app and I'm having trouble with this security error that appears when I submit the app as a production release:

Implicit Internal Intent

Your app contains an Implicit Internal Intent vulnerability. Please see this Google Help Center article for details.

com.mypackage.name.sync.SyncService.onHandleIntent

I applied all recommendations listed here: Remediation for Implicit PendingIntent Vulnerability

But the error still persists.

My service:

public class SyncService extends IntentService {
    protected void onHandleIntent(Intent intent) {
        ...
        Intent i = new Intent("com.mypackage.name.REFRESH");
        app.sendBroadcast(i);
        ...
    }
}

Manifest:

<service
    android:name=".sync.SyncService"
    android:exported="false" >
</service>

The service is started in many places, in 3 ways like this (as recommended by Google, I did add PendingIntent.FLAG_IMMUTABLE):

Method 1:

Intent intent = new Intent(this, SyncService.class);
PendingIntent pIntent = PendingIntent.getService(this, 0, intent,
            PendingIntent.FLAG_IMMUTABLE | PendingIntent.FLAG_UPDATE_CURRENT);
AlarmManager alarmMgr = (AlarmManager) this.getSystemService(Context.ALARM_SERVICE);
alarmMgr.setRepeating(AlarmManager.ELAPSED_REALTIME_WAKEUP, triggerAtMillis,
        SYNC_FREQUENCY, pIntent);

Method 2:

Intent intent = new Intent("com.mypackage.name.REFRESH");
intent = new Intent(getApplicationContext(), SyncService.class);
intent.putExtra("notification_unassigned_sync", true);
startService(intent);

Method 3:

Intent intent = new Intent(getApplicationContext(), SyncService.class);
startService(intent);

Is there anything wrong in my code? Any recommendations?



from Your app contains an Implicit Internal Intent vulnerability
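
Added example (not part of the original post or of Google's guidance text): the Play warning names SyncService.onHandleIntent, and the only intent built in that method in the post carries just an action string, so this sketch shows that broadcast next to an explicit form scoped to the app's own package. It assumes the REFRESH receiver lives in the same app and that androidx.core is available; ACTION_REFRESH and registerRefreshReceiver are hypothetical names.

```java
import android.app.IntentService;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import androidx.core.content.ContextCompat;

public class SyncService extends IntentService {
    // Action string taken from the post; the constant name is hypothetical.
    static final String ACTION_REFRESH = "com.mypackage.name.REFRESH";

    public SyncService() {
        super("SyncService");
    }

    @Override
    protected void onHandleIntent(Intent intent) {
        // Implicit form from the post: only an action is set, so any app that
        // registers a receiver for this action can receive the broadcast.
        //   sendBroadcast(new Intent(ACTION_REFRESH));

        // Explicit form: delivery is restricted to this app's own package.
        Intent refresh = new Intent(ACTION_REFRESH);
        refresh.setPackage(getPackageName());
        sendBroadcast(refresh);
    }

    // Hypothetical helper for the receiving side: registering the receiver as
    // not exported means other apps cannot send it a REFRESH broadcast.
    static void registerRefreshReceiver(Context context, BroadcastReceiver receiver) {
        ContextCompat.registerReceiver(
                context,
                receiver,
                new IntentFilter(ACTION_REFRESH),
                ContextCompat.RECEIVER_NOT_EXPORTED);
    }
}
```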
