react-native-intercom: Google Play has rejected the app because of vulnerability issue

Your app contains an Intent Redirection vulnerability. Please see this Google Help Center article for details. Vulnerable classes: io.intercom.android.sdk.utilities.IntentUtils.safelyOpenIntent

I use react-native@0.62.2, react-native-intercom@17.0.0, and the package contains a vulnerable class so Google Play does not approve it. The Intercom support team says that you should fix this error on the react-native module side. https://forum.intercom.com/s/question/0D52G00004YGl0tSAD/why-did-i-get-a-security-alert-from-the-google-play-console-when-uploading-a-recent-app-build

Can you help us with it, please?

About this issue

  • State: closed
  • Created 4 years ago
  • Reactions: 8
  • Comments: 16

Most upvoted comments

@twiking for anyone else reaching this page, I’m linking what exactly was removed from AndroidManifest.xml from the old README and needs to be removed.

    <service
        android:name="com.robinpowered.react.Intercom.IntercomIntentService"
        android:exported="false">
        <intent-filter
            android:priority="999">
            <action android:name="com.google.android.c2dm.intent.RECEIVE"/>
        </intent-filter>
    </service>
    <receiver
        android:name="io.intercom.android.sdk.push.IntercomPushBroadcastReceiver"
        tools:replace="android:exported"
        android:exported="true" />
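
An added example, not part of the thread or of the react-native-intercom project: a small Python check that reports whether a manifest still contains the two entries quoted in the comment above, so they can be removed before the app is re-submitted. The sample manifest, its package name and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Component names copied from the manifest snippet quoted in the comment above.
LEGACY_NAMES = {
    "com.robinpowered.react.Intercom.IntercomIntentService",
    "io.intercom.android.sdk.push.IntercomPushBroadcastReceiver",
}

def find_legacy_intercom_entries(manifest_xml):
    """Return (tag, name, exported, intent actions) for each legacy entry."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for comp in root.iterfind("./application/*"):
        name = comp.get(ANDROID + "name")
        if name not in LEGACY_NAMES:
            continue
        actions = sorted(
            a.get(ANDROID + "name", "")
            for a in comp.iterfind("./intent-filter/action")
        )
        findings.append((comp.tag, name, comp.get(ANDROID + "exported"), actions))
    return findings

# Constructed sample manifest (not from a real app): one unrelated activity
# plus the two entries the comment says to remove.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:tools="http://schemas.android.com/tools"
    package="com.example.app">
  <application>
    <activity android:name=".MainActivity" android:exported="true"/>
    <service
        android:name="com.robinpowered.react.Intercom.IntercomIntentService"
        android:exported="false">
      <intent-filter android:priority="999">
        <action android:name="com.google.android.c2dm.intent.RECEIVE"/>
      </intent-filter>
    </service>
    <receiver
        android:name="io.intercom.android.sdk.push.IntercomPushBroadcastReceiver"
        tools:replace="android:exported"
        android:exported="true"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for tag, name, exported, actions in find_legacy_intercom_entries(SAMPLE_MANIFEST):
        print(f"remove <{tag}> {name} (exported={exported}, actions={actions})")
```

Run it against the merged manifest from the build output as well as the source file, since library manifests can contribute entries to the final package.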

@BrantApps So, your app that has been approved is using rn-intercom version 17.0.0 without any tweak?

I mean, you just followed the instructions in the README?

No configuration in AndroidManifest.xml is needed anymore according to the Installation Guide

It seems the documentation still suggests adding configuration to AndroidManifest.xml. My guess is removing this configuration will prevent Intercom-related push notifications from working.

Can anyone confirm they’ve successfully re-submitted their app to the Play Store with the current configuration recommendations (including the service + intent filter section of AndroidManifest.xml)?

@asimolmez We got the same issue and it seems that it was connected to some old configuration in AndroidManifest.xml. No configuration in AndroidManifest.xml is needed anymore according to the Installation Guide.