如何解决收到Google寄来的邮件“您的应用容易受到意图重定向的攻击”,但找不到该漏洞
当我更新我的应用程序时,我收到了一封来自Google的邮件,显示
您好Google Play开发者
我们检查了您的应用程序,发现您的应用程序使用了包含用户安全漏洞的软件。具有这些漏洞的应用可能会泄露用户信息或损坏用户的设备,并且可能被视为违反了我们的恶意行为政策。
漏洞-您的应用容易受到意图重定向的影响。
但是我没有进行任何意图提取或重定向。
搜索了一点之后,我应用了一些解决方案,例如
android:exported="false"
但它们都不起作用。
现在,我认为某些第三方插件对此漏洞负责。如何在我的代码中找到该漏洞?
下面是我的build.gradle文件
apply plugin: 'com.android.application'
apply plugin: 'com.google.gms.google-services'
apply plugin: 'com.google.firebase.crashlytics'
android {
compileSdkVersion 29
defaultConfig {
minSdkVersion 21
targetSdkVersion 29
renderscriptTargetApi 18
renderscriptSupportModeEnabled true
multiDexEnabled true
testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
resConfigs "en"
}
buildTypes {
debug {
firebaseCrashlytics {
mappingFileUploadEnabled false
}
}
release {
minifyEnabled true
shrinkResources true
proguardFiles getDefaultProguardFile('proguard-android.txt'),'proguard-rules.pro'
}
}
compileOptions {
sourceCompatibility = '1.8'
targetCompatibility = '1.8'
}
externalNativeBuild {
ndkBuild {
path 'src/main/jni/Android.mk'
}
}
dependencies {
androidTestImplementation('androidx.test.espresso:espresso-core:3.1.1',{
exclude group: 'com.android.support',module: 'support-annotations'
})
testImplementation 'junit:junit:4.12'
implementation 'androidx.multidex:multidex:2.0.1'
implementation filetree(dir: 'libs',include: ['*.jar'])
implementation 'androidx.appcompat:appcompat:1.2.0'
implementation 'androidx.constraintlayout:constraintlayout:2.0.2'
implementation 'androidx.legacy:legacy-support-v4:1.0.0'
implementation 'androidx.recyclerview:recyclerview:1.1.0'
implementation 'androidx.cardview:cardview:1.0.0'
implementation "androidx.viewpager2:viewpager2:1.0.0"
implementation 'com.github.bumptech.glide:glide:4.11.0'
annotationProcessor 'com.github.bumptech.glide:compiler:4.11.0'
implementation 'com.google.android.material:material:1.3.0-alpha03'
//fix
implementation 'com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava'
implementation 'com.google.android.gms:play-services-basement:17.5.0'
//Firebase
implementation platform('com.google.firebase:firebase-bom:25.12.0')
implementation 'com.google.firebase:firebase-auth'
implementation 'com.google.firebase:firebase-database'
implementation 'com.google.firebase:firebase-storage'
implementation 'com.google.firebase:firebase-firestore'
implementation 'com.google.firebase:firebase-messaging'
implementation 'com.google.firebase:firebase-config'
implementation 'com.google.firebase:firebase-analytics'
implementation 'com.google.firebase:firebase-crashlytics'
implementation 'com.google.firebase:firebase-inappmessaging-display'
implementation 'com.firebaseui:firebase-ui-auth:6.3.0'
// Google Sign In SDK (only required for Google Sign In)
implementation 'com.google.android.gms:play-services-auth:18.1.0'
implementation 'com.google.android.gms:play-services-identity:17.0.0'
// Facebook Android SDK (only required for Facebook Login)
implementation 'androidx.browser:browser:1.2.0'
implementation 'com.facebook.android:facebook-android-sdk:7.1.0'
//retrofit
implementation 'com.squareup.retrofit2:retrofit:2.2.0'
implementation 'com.squareup.retrofit2:converter-gson:2.2.0'
implementation 'com.squareup.okhttp3:logging-interceptor:3.9.0'
//json utilities
implementation 'com.fasterxml.jackson.core:jackson-core:2.10.1'
implementation 'com.fasterxml.jackson.core:jackson-annotations:2.10.1'
implementation 'com.fasterxml.jackson.core:jackson-databind:2.10.1'
//Paytm All-in-one SDK Payment Gateway
implementation'com.paytm.appinvokesdk:appinvokesdk:1.5'
//Circular ImageView
implementation 'de.hdodenhof:circleimageview:2.2.0'
//Number Picker
implementation 'com.shawnlin:number-picker:2.4.7'
//Version Compare
implementation 'com.g00fy2:versioncompare:1.3.2'
//Seekbar
implementation 'com.github.warkiz.widget:indicatorseekbar:2.1.2'
//country picker
implementation 'com.hbb20:ccp:2.3.1'
//TrueTime
implementation 'com.github.instacart.truetime-android:library:3.4'
//facebook ads
implementation 'com.facebook.android:audience-network-sdk:6.1.0'
//shimmer
implementation 'com.facebook.shimmer:shimmer:0.5.0'
//Loading Animation
implementation 'com.wang.avi:library:2.1.3'
//likeButton
implementation 'com.github.varunest:sparkbutton:1.0.6'
}
configurations.all {
resolutionStrategy.force 'com.android.support:support-annotations:28.0.0'
}
}
-更新---
实际上问题出在facebook sdk中,仅用特定于登录的sdk替换了它后,我的应用得到了Play商店的批准。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。