My app has an intent redirection issue. After some time, I managed to find out where the issue is. It is reported at
androidx.activity.ComponentActivity->startActivityForResult
which I call from the BroadcastReceiver used for the SMS Retriever (user consent) flow:
/**
 * Receiver for the SMS_RETRIEVED_ACTION broadcast. On a SUCCESS status it takes the
 * consent Intent out of the broadcast extras and starts it with startActivityForResult.
 *
 * NOTE(review): this is the flagged pattern. The Intent that gets launched is read from
 * the extras of an incoming broadcast and is started without any check on where it
 * resolves to, so whoever can deliver this broadcast chooses the activity this app starts.
 * How the receiver is registered is not shown here; confirm it is registered with
 * SmsRetriever.SEND_PERMISSION so that only Google Play services can send to it.
 */
private final BroadcastReceiver smsVerificationReceiver = new BroadcastReceiver() {
    @Override
    public void onReceive(Context context, Intent intent) {
        if (SmsRetriever.SMS_RETRIEVED_ACTION.equals(intent.getAction())) {
            // NOTE(review): getExtras() returns null when the Intent carries no extras;
            // the next line would then throw a NullPointerException.
            Bundle extras = intent.getExtras();
            // NOTE(review): unchecked cast on a sender-supplied extra; a missing value
            // makes getStatusCode() below throw.
            Status smsRetrieverStatus = (Status) extras.get(SmsRetriever.EXTRA_STATUS);
            switch (smsRetrieverStatus.getStatusCode()) {
                case CommonStatusCodes.SUCCESS:
                    // Nested Intent supplied by the sender of the broadcast.
                    Intent consentIntent = extras.getParcelable(SmsRetriever.EXTRA_CONSENT_INTENT);
                    try {
                        // Launched as received: no null check, no check of the resolved
                        // component, no check for URI-permission grant flags.
                        startActivityForResult(consentIntent, SMS_CONSENT_REQUEST);
                    } catch (ActivityNotFoundException e) {
                        // Handle the exception ...
                    }
                    break;
                case CommonStatusCodes.TIMEOUT:
                    // Time out occurred, handle the error.
                    break;
            }
        }
    }
};
onActivityResult
/**
 * Handles the result of the SMS consent prompt started with SMS_CONSENT_REQUEST.
 * When the user allows access, the SMS text is read from the result Intent and the part
 * after the first occurrence of "is" is written into the code field.
 *
 * @param requestCode request code passed to startActivityForResult
 * @param resultCode  RESULT_OK when consent was given
 * @param data        result Intent expected to carry SmsRetriever.EXTRA_SMS_MESSAGE
 */
@Override
public void onActivityResult(int requestCode, int resultCode, Intent data) {
    super.onActivityResult(requestCode, resultCode, data);
    switch (requestCode) {
        case SMS_CONSENT_REQUEST:
            if (resultCode == RESULT_OK) {
                // NOTE(review): data is dereferenced without a null check.
                String message = data.getStringExtra(SmsRetriever.EXTRA_SMS_MESSAGE);
                // Extract one-time code from the message and complete verification.
                // The SMS body is written by whoever sent the message, so the extracted
                // text is only a prefill; the code still has to be verified server-side.
                // NOTE(review): "is" also matches inside other words (e.g. "This"), so the
                // extraction depends on the exact wording of the SMS template.
                if(message != null && message.contains("is")){
                    String pass = message.substring(message.indexOf("is") +2).trim();
                    mEtCode.setText(pass);
                }
            } else {
                // Consent canceled, handle the error ...
            }
            break;
    }
}
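I made some changes to fix the issue. Now it doesn't show any vulnerability after uploading to Google Play. For more information, visit this link. Note that swapping startActivityForResult for an ActivityResultLauncher does not by itself validate the consent Intent, which still arrives in the broadcast's extras; it should be checked before it is launched (for example, that it resolves to Google Play services).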
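/**
 * Receiver for the SMS_RETRIEVED_ACTION broadcast of the SMS User Consent flow.
 *
 * On a SUCCESS status the broadcast carries a nested consent Intent. That Intent comes
 * from outside this app, so it is validated before being handed to the launcher:
 * it must be present, must resolve to Google Play services, and must not carry
 * URI-permission grant flags. Anything else is dropped instead of launched.
 *
 * Registration is not shown here. Register this receiver with
 * SmsRetriever.SEND_PERMISSION as the broadcast permission so that only Google Play
 * services can deliver to it; the checks below are a second line of defence, not a
 * replacement for that.
 */
private final BroadcastReceiver smsVerificationReceiver = new BroadcastReceiver() {

    // Package the consent prompt is expected to resolve to (Google Play services).
    // NOTE(review): confirm against the Play services version the app ships with.
    private static final String TRUSTED_CONSENT_PACKAGE = "com.google.android.gms";

    @Override
    public void onReceive(Context context, Intent intent) {
        if (!SmsRetriever.SMS_RETRIEVED_ACTION.equals(intent.getAction())) {
            return;
        }
        // getExtras() is null when the broadcast carries no extras.
        Bundle extras = intent.getExtras();
        if (extras == null) {
            return;
        }
        // Extras are sender-controlled: check the type before casting.
        Object rawStatus = extras.get(SmsRetriever.EXTRA_STATUS);
        if (!(rawStatus instanceof Status)) {
            return;
        }
        Status smsRetrieverStatus = (Status) rawStatus;
        switch (smsRetrieverStatus.getStatusCode()) {
            case CommonStatusCodes.SUCCESS:
                Object rawConsent = extras.get(SmsRetriever.EXTRA_CONSENT_INTENT);
                if (!(rawConsent instanceof Intent)) {
                    break;
                }
                Intent consentIntent = (Intent) rawConsent;
                if (!isTrustedConsentIntent(context, consentIntent)) {
                    // Do not forward an Intent whose target cannot be verified.
                    break;
                }
                try {
                    someActivityResultLauncher.launch(consentIntent);
                } catch (ActivityNotFoundException e) {
                    // Handle the exception ...
                }
                break;
            case CommonStatusCodes.TIMEOUT:
                // Time out occurred, handle the error.
                break;
        }
    }

    /**
     * Returns true only when the nested Intent resolves to the expected package and does
     * not ask this app to grant URI permissions to the started activity.
     */
    private boolean isTrustedConsentIntent(Context context, Intent consentIntent) {
        int grantFlags = Intent.FLAG_GRANT_READ_URI_PERMISSION
                | Intent.FLAG_GRANT_WRITE_URI_PERMISSION;
        if ((consentIntent.getFlags() & grantFlags) != 0) {
            return false;
        }
        // A null result (nothing resolvable) is treated as untrusted.
        android.content.ComponentName target =
                consentIntent.resolveActivity(context.getPackageManager());
        return target != null && TRUSTED_CONSENT_PACKAGE.equals(target.getPackageName());
    }
};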
To handle the result:
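/**
 * Launcher for the SMS consent prompt; its callback takes the place of onActivityResult.
 *
 * When the user allows access, the SMS text is read from the result Intent and the part
 * after the first occurrence of "is" is written into the code field. The SMS body is
 * written by whoever sent the message, so the extracted text is only a prefill: the
 * one-time code still has to be verified server-side.
 */
ActivityResultLauncher<Intent> someActivityResultLauncher = registerForActivityResult(
        new ActivityResultContracts.StartActivityForResult(),
        result -> {
            if (result.getResultCode() != Activity.RESULT_OK) {
                // Consent denied or prompt dismissed: nothing to read.
                return;
            }
            // There are no request codes with the Activity Result API.
            Intent data = result.getData();
            if (data == null) {
                // RESULT_OK without a result Intent: avoid dereferencing null.
                return;
            }
            String message = data.getStringExtra(SmsRetriever.EXTRA_SMS_MESSAGE);
            // Extract one-time code from the message and complete verification.
            // NOTE(review): "is" also matches inside other words (e.g. "This"), so this
            // depends on the exact wording of the SMS template.
            if (message != null && message.contains("is")) {
                String pass = message.substring(message.indexOf("is") + 2).trim();
                mEtCode.setText(pass);
            }
        });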