Your app contains an Intent Redirection vulnerability
Solution 1
I have a same issue, actually Latest Unity Add Xiaomi SDK by default which cause this issue.
Simple remove Xiaomi from your Unity it will fix the issue.
Solution 2
I was having the same issue "intent redirection your app(s) are vulnerable to intent redirection" and I added exported="false" in every activity, but still got rejected, then I realized the problem was in one of the payment libraries I was using, all I had to do is update the library and the new app update got live.
my issue was in RazorPay payment gateway, I updated it from 1.6.3 to 1.6.6 (latest)
implementation 'com.razorpay:checkout:1.6.6'
they already mentioned this issue here, check it out https://github.com/razorpay/razorpay-android-sample-app/issues/202
Solution 3
We had received a similar email, In the Play Console/Alert tab, we found this
for us, the reason is "com.androidnative.features.social.common.SocialProxyActivity.StartActivity" which come from Android Native asset[Ultimate Mobile] - Unity3D.
We used that asset for Advertisements, In-app purchase and play game services instead of using the original SDK. So the possible solution is to remove that asset from our game and use the original SDK.
Ihsan Ali
Updated on June 09, 2022Comments
-
Ihsan Ali about 2 years
I launched a game to the Google Play store recently and it was going good until now. I just received an email from Google that says that "One or more of your apps contains an Intent Redirection vulnerability that puts user data at risk " and tells me I need to fix it by August 13.
I personally don't collect or demand any user data or info. However, I used Google Admob ads with Facebook mediation and Unity ads in my game which may be the cause of this problem. So, my question is how to overcome this problem? They also said in the email to make changes in the manifest file. If any one has a similar problem and knows the solution for it, your help would be appreciated.
Here is the email:
"One or more of your apps contains an Intent Redirection vulnerability that puts user data at risk. On August 13, 2019, any apps that contain unfixed security vulnerabilities beyond the dates listed on your Play Console alerts will be removed from Google Play.
Action required
Sign in to your Play Console. Select Alerts to see which apps contain a security vulnerability, and review the guidance on how to resolve the vulnerability. Update your affected apps to fix the vulnerabilities. Submit the updated versions of your affected apps. Upon resubmission, your app will be reviewed again. This process can take several hours. If the app passes review and is published successfully then no further action is required. If the app fails review then the new app version will not be published and you will receive notification via email."
-
Ihsan Ali about 5 yearsHi Vivek Savsaiya! Actually i used the original SDKS, but still i have a problem which is shown below. Also they suggest to make changes in Manifest file, but i don't see anything like this in my manifest file.. I use admob ads, admob with facebook mediation and also unity ads.. The admob and facebook mediation are from internet downloaded and the unity ads are builtin from unity.. What you suggest to do?
-
questionasker over 4 yearsi still use Unity 2017 and Xiaomi still not added, but i got this error. any idea?
-
Pratheesh over 3 yearsDoes Play Console still have this Alert tab or they have removed it with design change? Actually I have got an Intent Redirection vulnerability email. But I can't find this Alert tab on my play console. If this alert tab is still in the play console can you please direct me where is it? As the email from them is vague one. Thanks
-
Pratheesh over 3 yearsDoes Play Console still have this Alert tab or they have removed it with design change? Actually I have got an Intent Redirection vulnerability email. But I can't find this Alert tab on my play console. If this alert tab is still in the play console can you please direct me where is it? As the email from them is vague one. Thanks
-
Ramesh over 3 years@Pratheesh I am also facing same intent redirection vulnerability issue. I am also not able to finding alerts tab in console. Did you resolve this.You got any use ful information related to this. Thanks in advance
-
Matt about 3 years@Ramesh. I can't find the alerts tab either. It seems like they removed it?
-
Abandoned Cart over 2 yearsEmailing them will result in an appeal decision. They are not entirely bright and have linked the "request help" and the "submit appeal" options to the same form. On top of that, they are expecting you remove access to any exported BroadcastReceiver, even when the intent triggering it is something generated by the system, such as
Intent.ACTION_BOOT_COMPLETED
. The entire situation is a testament to their poor design and even poorer handling of it.