Android 应用在 Play 商店预发布时提示"隐式内部 Intent"(Implicit Internal Intent)漏洞


最近,我在 Play 管理中心(Play Console)创建了新应用,并上传了新的 App Bundle,但 Play 商店报告了安全与信任方面的问题,例如隐式内部 Intent 漏洞。该问题出现在以下几处代码中。请问谁能帮我解决这个问题?

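/**
 * Handles a call-control [intent] by dispatching on its action.
 *
 * The call extras (API key, session id, token, caller name, image URL) are read from the
 * incoming intent and forwarded only through explicit intents that name one of the app's
 * own component classes. The one app-defined broadcast sent from here
 * ([VideoChatConstants.CALL_DISCONNECTED_ACTION]) is restricted to this app's package, so
 * it is no longer an implicit intent that any installed app could receive.
 *
 * NOTE(review): the extras are used as received; this function assumes the component that
 * calls it is not reachable by other apps. Confirm against the manifest.
 *
 * @param context context used to start activities, stop the service and send broadcasts
 * @param intent the incoming intent carrying the action and the call extras
 */
private fun performAction(context: Context, intent: Intent) {
    val apiKey = intent.getStringExtra(VideoChatConstants.API_KEY)
    val sessionId = intent.getStringExtra(VideoChatConstants.SESSION_ID_KEY)
    val token = intent.getStringExtra(VideoChatConstants.TOKEN_KEY)
    val caller = intent.getStringExtra(VideoChatConstants.OTHER_PARTY_EXTRA_KEY)
    val imgUrl = intent.getStringExtra(VideoChatConstants.IMAGE_URL_KEY)
    val notifId = intent.getIntExtra(VideoChatConstants.NOTIFCATION_ID_EXTRA_KEY, -1)
    // Only the notification id is logged; the API key and token must stay out of the log.
    Logger.debug(TAG, "performAction:: notifId= $notifId")

    // Copies the call extras onto an outgoing intent. Use it only on explicit intents,
    // because the extras include the session token.
    fun Intent.withCallExtras(): Intent = this
        .putExtra(VideoChatConstants.API_KEY, apiKey)
        .putExtra(VideoChatConstants.SESSION_ID_KEY, sessionId)
        .putExtra(VideoChatConstants.TOKEN_KEY, token)
        .putExtra(VideoChatConstants.OTHER_PARTY_EXTRA_KEY, caller)
        .putExtra(VideoChatConstants.IMAGE_URL_KEY, imgUrl)

    // ACTION_CLOSE_SYSTEM_DIALOGS is addressed to the system, not to this app; the
    // original code sends it only below Android S, and that guard is kept.
    fun closeSystemDialogsIfAllowed() {
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.S) {
            context.sendBroadcast(Intent(Intent.ACTION_CLOSE_SYSTEM_DIALOGS))
        }
    }

    when (intent.action) {
        VideoChatConstants.CALL_RECEIVE_ACTION_VALUE -> {
            context.startActivity(
                Intent(context.applicationContext, VideoChatActivity::class.java)
                    .addFlags(Intent.FLAG_ACTIVITY_NEW_TASK or Intent.FLAG_ACTIVITY_CLEAR_TASK)
                    .withCallExtras()
            )
            context.stopService(Intent(context, CallNotificationService::class.java))
            closeSystemDialogsIfAllowed()
        }
        VideoChatConstants.CALL_DIALOG_ACTION_VALUE -> {
            context.startActivity(
                Intent(context, CallRingingActivity::class.java)
                    .addFlags(
                        Intent.FLAG_ACTIVITY_NEW_TASK or Intent.FLAG_ACTIVITY_CLEAR_TOP
                            or Intent.FLAG_ACTIVITY_EXCLUDE_FROM_RECENTS
                    )
                    .withCallExtras()
            )
        }
        VideoChatConstants.CALL_CANCEL_ACTION_VALUE -> {
            context.stopService(
                Intent(context, CallNotificationService::class.java)
                    .putExtra(VideoChatConstants.SESSION_ID_KEY, sessionId)
            )
            closeSystemDialogsIfAllowed()
            VideoCallManager.getInstance()
                .onVideoCallRejected(
                    sessionId,
                    object : VideoCallManager.VideoCallCallback {
                        override fun onResults(isSuccess: Boolean) {
                            if (isSuccess) {
                                Logger.debug(TAG, "Call reject is acknowledged by server")
                            } else {
                                Logger.warn(TAG, "Call reject is NOT acknowledged by server!")
                            }
                        }
                    }
                )
        }
        VideoChatConstants.CALL_HANGED_UP_ACTION_VALUE -> {
            context.stopService(
                Intent(context, CallNotificationService::class.java)
                    .putExtra(VideoChatConstants.SESSION_ID_KEY, sessionId)
            )
            // An action-only Intent is implicit: without a package or component, any app
            // registered for this action string would receive it. setPackage() keeps the
            // broadcast inside this app; its receivers are expected to live here.
            context.sendBroadcast(
                Intent(VideoChatConstants.CALL_DISCONNECTED_ACTION)
                    .setPackage(context.packageName)
            )
            closeSystemDialogsIfAllowed()
        }
        else -> {
            // Reached for a null action and for any action not handled above.
            Logger.warn(TAG, "intent action is unexpectedly null!")
        }
    }
}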

其他地方也报告了同样的问题:

// Fragment of a push handler (the enclosing method is not shown): handles a push whose
// type is VIDEO_CALLING by either rejecting the call or starting CallNotificationService.
if(pushType.equalsIgnoreCase(Constants.NotificationTypes.VIDEO_CALLING.name())) {
            // Drop the push when a timestamp is present and the helper reports it as too old.
            // NOTE(review): presumably "older than 30 seconds" — confirm in CommonUtils.
            if(pushTime != null && !CommonUtils.isHalfMinuteOrLess(pushTime)) {
                Logger.debug(TAG, "Obsolete video call push, ignore");
                return;
            }
            if(VideoChatService.Companion.isOnline()) {
                // already in another call, reject this one
                VideoCallManager.Companion.getInstance().onVideoCallRejected(notificationInfo.getSessionId(), new VideoCallManager.VideoCallCallback() {
                            @Override
                            public void onResults(boolean isSuccess) {
                                Logger.debug(TAG, "Rejected the call since another call is ongoing. " +
                                        "isSuccess= " + isSuccess);
                            }
                        });
            } else {
                // The session id is written to the debug log and to app preferences.
                Logger.debug(TAG, "incoming call, session ID=" + notificationInfo.getSessionId());
                AppPref.updatePref(VideoChatConstants.SESSION_ID_KEY, notificationInfo.getSessionId());
                // Explicit intent: it names CallNotificationService by class, so the extras
                // below (API key, session id, token) are delivered only to that service.
                // NOTE(review): the notificationInfo values appear to come from the push
                // payload — confirm that the payload is validated upstream.
                callNotificationIntent = new Intent(context, CallNotificationService.class)
                        .putExtra(VideoChatConstants.OTHER_PARTY_EXTRA_KEY, notificationInfo.getCallerName())
                        .putExtra(VideoChatConstants.IMAGE_URL_KEY, notificationInfo.getCallerImage())
                        .putExtra(VideoChatConstants.API_KEY, notificationInfo.getApiKey())
                        .putExtra(VideoChatConstants.SESSION_ID_KEY, notificationInfo.getSessionId())
                        .putExtra(VideoChatConstants.TOKEN_KEY, notificationInfo.getToken());

                // API 26 (O) and above use startForegroundService(); older releases use startService().
                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
                    context.startForegroundService(callNotificationIntent);
                } else {
                    context.startService(callNotificationIntent);
                }
            }

        }

其实这段代码是用于视频通话的,我们也使用了视频通话库

 <!-- Foreground service of type phoneCall. It declares no intent-filter and no
      android:exported attribute; without an intent-filter the platform default is
      "not exported". NOTE(review): stating android:exported="false" explicitly
      would make that intent visible in the manifest. -->
 <service
            android:name=".videochat.service.CallNotificationService"
            android:enabled="true"
            android:foregroundServiceType="phoneCall" />

        <!-- Not exported, so other apps cannot deliver broadcasts to this receiver.
             The filter actions are bare strings with no package prefix. Any sender
             inside the app that builds an Intent from one of these action strings
             alone, with no component or package set, is sending an implicit intent.
             NOTE(review): the sending code is not shown here; check that each sender
             (including any PendingIntent) names this receiver class or calls
             setPackage(). -->
        <receiver
            android:name=".videochat.receiver.CallNotificationReceiver"
            android:enabled="true"
            android:exported="false">
            <intent-filter android:priority="999">
                <action android:name="CALL_RECEIVE" />
                <action android:name="CALL_CANCEL" />
                <action android:name="CALL_DIALOG" />
                <action android:name="CALL_HANGED_UP" />
            </intent-filter>
        </receiver>
        <!-- Same pattern as the receiver above: not exported, matched through bare
             action strings. NOTE(review): apply the same sender check here. -->
        <receiver
            android:name=".util.NotificationReceiver"
            android:enabled="true"
            android:exported="false">
            <intent-filter android:priority="999">
                <action android:name="REPLY_REMOTE" />
                <action android:name="DISMISS_REMOTE" />
            </intent-filter>
        </receiver>

playstore console error

android android-intent google-play-console android-pendingintent android-security
1个回答

这可能是因为您通过 Intent 传递了 API 密钥。如果可能,请尝试改用构建配置。
