Implicit PendingIntent Vulnerability error from Google Play Store

As@tao mentioned, let me post the solution here.

Problem Reason:

HMS Core Push kit earlier than 5.3.0.304 version、Analytics Kit earlier than 6.0.0.301 version and Account kit earlier than 5.3.0.305 version contain the Implicit PendingIntent issue.

Solution:

Push Kit SDK version 5.3.0.304、Analytics Kit SDK version 6.0.0.301 and Account kit SDK version 5.3.0.305 have been released and fixed the Implicit PendingIntent issue. They've been tested and verified by developers and can be approved by Google for release.

If you are currently using the plug-in(such as React Native, Cordova, Ionic,Flutter), Before the new version of those plug-in released, Huawei also provide a workaround solution(By manually changing the version number).

The following describes the modification method (based on the 5.x plug-in):

• React Native：

1. After the HMS Core plug-in is installed in the RN, the plug-in package is stored in node_modules/@hmscore.

   

2. You need to modify the build.gradle file in the node_modules/@hmscore/react-native-hms-account/android directory (taking the Account Kit plug-in as an example):

   Open the build.gradle file and change the SDK version in dependencies.

dependencies {
    implementation fileTree(dir: "libs", include: ["*.jar"])
    implementation 'com.facebook.react:react-native:+'  // From node_modules
    implementation 'com.huawei.hms:hwid:5.0.3.302'
}

3. After the update, run the following command to start compilation again. The plug-in downloads the new SDK:

   react-native run-android

• Cordova/Ionic

1. If you have installed the plugin as Huawei document describred, the plugin should be saved in node_modules/@hmscore folder.

   

2. You need to modify the plugin.xml file in the node_modules/@hmscore/cordova-plugin-hms-push directory. (The following uses the Push Kit plug-in as an example)

   Open the Plugin.xml file, search for the keyword framework, and find the SDK to be modified.

<framework src="androidx.core:core:1.3.1"/>
<framework src="com.facebook.fresco:fresco:2.2.0"/>
<framework src="com.huawei.hms:push:5.0.2.301" />
<framework src="resources/plugin.gradle" custom="true" type="gradleReference"/>

Change the version number to the new one and save it.

3. Go back to the application root directory and delete the platforms/android and plugins/cordova-plugin-hms-push folder.

   

4. Run the following command in the root directory:

   Cordova：

   cordova platform add android

   cordova run android --device

   Ionic(Cordova)：

   ionic cordova platform add android

   ionic build

   ionic cordova run android --device

5. Ionic (Capacitor) operates in different ways:

   ①. Delete the capacitor-cordova-android-plugins folder from the android directory.

   

   ②. Modify the plugin.xml file according to the description in step 2.

   ③. Run the following command:

   ionic build

   npx cap sync

   npx cap open android

   ④. Recompile in the Android Studio

• Flutter

  You may refer to this answer.

Summary

The plug-ins above are used in open source mode, so developers can modify them directly.

However, the Xamarin plug-in is published in Nuget Package mode. Therefore, you cannot modify the SDK version. If this problem occurs, please feel free to contact us.

Author by

shirley

Questions under huawei-mobile-services will be answered ASAP. 😊🧡 Resources: 🧐 What is HMS Core 😸 r/HMSCore on Reddit 📰 Development Documentation 💻 Sample Code 🔍 HUAWEI Codelabs 📖 HMS MOOC (Massive Open Online Course) 🔑 HMS Core Toolkit

Updated on December 31, 2022