Develop Reference

Android Your app(s) are vulnerable to Intent Redirection

I got an email from google play support saying "Intent Redirection Your app(s) are vulnerable to Intent Redirection. To address this issue, follow the steps in this Google Help Center article."
After reading through the article, I'm guessing the key is my app should not call startActivity, startService, sendBroadcast, or setResult on untrusted Intents (intents used by external apps to invoke my app for example) without validating or sanitizing these Intents.
However, solution 1 in the article doesn't work in my case because my component needs to receive Intents from other apps.
Solution 2 is not applicable to my case because I don't know in advance which app would invoke my app, so I don't know what would getCallingActivity returns.
Solution 3 seems to be the most promising one, I tried to removeFlags of intents, however, when I resubmit my app, Google Play again alerts this vulnerability. I am about to try checking whether an Intent grants a URI permission using methods like getFlags and submit my app again to see the result. Does anyone know how do Google check this vulnerability anyway, and could someone spot the vulnerability in my source code and suggest a way to resolve it?
The exact message from Google Play is
Intent Redirection
Your app(s) are vulnerable to Intent Redirection.
To address this issue, follow the steps in this Google Help Center article.
com.mydomain.somepackage.a->a
And the following is the simplified source code.
// MainActivity.java
public class MainActivity extends CordovaActivity
{
SpecialUtil specialUtil;
#Override
public void onCreate(Bundle savedInstanceState)
{
super.onCreate(savedInstanceState);
specialUtil = new specialUtil(MainActivity.this);
}
#Override
public void onResume() {
super.onResume();
specialUtil.verifyServerIfNeeded(MainActivity.this);
}
#Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
super.onActivityResult(requestCode, resultCode, data);
if (requestCode == this.specialUtil.CERT_INVALID_POPUP_REQUEST_CODE) {
// the user clicked the return button in the alert dialog within WhiteScreen activity
this.specialUtil.declareAsFailure();
}
}
#Override
protected void onNewIntent(Intent intent) {
super.onNewIntent(intent);
setIntent(intent);
}
}
// com/mydomain/somepackage/SpecialUtil.java
public class SpecialUtil {
private SharedPreferences mSharedPreferences;
private SharedPreferences.Editor mSharedPreferencesEditor;
private SharedPreferences.OnSharedPreferenceChangeListener listener;
private Activity activity;
private boolean shownCertInvalidPopup = false;
public final int CERT_INVALID_POPUP_REQUEST_CODE = 1000;
public SpecialUtil(Activity activity) {
this.activity = activity;
this.mSharedPreferences = PreferenceManager.getDefaultSharedPreferences(activity);
this.mSharedPreferencesEditor = mSharedPreferences.edit();
this.listener = new SharedPreferences.OnSharedPreferenceChangeListener() {
#Override
public void onSharedPreferenceChanged(SharedPreferences sharedPreferences, String key) {
if (key.equals("SOME_RESULT")) {
String result = mSharedPreferences.getString("SOME_RESULT", "");
if (result.equals("RESULT_OK")) {
SpecialUtil.this.declareAsSuccess();
} else if (result.equals("RESULT_CANCELED")) {
SpecialUtil.this.declareAsFailure();
}
}
}
};
this.mSharedPreferences.registerOnSharedPreferenceChangeListener(listener);
}
public void verifyServerIfNeeded(Activity activity) {
Intent intent = activity.getIntent();
if (this.isFlowA(intent)) {
this.removePermission(intent);
String url = intent.getStringExtra("url");
this.verifyServer(url);
} else if (this.isFlowB(intent)) {
this.removePermission(intent);
String payment_request_object_url = intent.getData().getQueryParameter("pay_req_obj");
String callback_url = intent.getData().getQueryParameter("callback");
this.verifyServer(payment_request_object_url);
}
}
public boolean isFlowA(Intent intent) {
if (intent.getAction().equals("someAction")) {
return true;
}
return false;
}
public boolean isFlowB(Intent intent) {
if (intent.getData() != null) {
String path = intent.getData().getPath();
if (path.equals("something")) {
return true;
}
}
return false;
}
public void verifyServer(final String httpsURL) {
new Thread(new Runnable() {
#Override
public void run() {
try {
boolean isCertValid = SpecialUtil.this.verify(httpsURL);
if (isCertValid) {
// do somthing
} else {
// show a white screen with an alert msg
SpecialUtil.this.activity.runOnUiThread(new Runnable() {
public void run() {
if (!shownCertInvalidPopup) {
shownCertInvalidPopup = true;
Intent intent = new Intent(SpecialUtil.this.activity, WhiteScreen.class);
SpecialUtil.this.activity.startActivityForResult(intent, CERT_INVALID_POPUP_REQUEST_CODE);
}
}
});
}
} catch (IOException e) {
SpecialUtil.this.declareAsFailure();
}
}
}).start();
}
private void declareAsSuccess() {
this.activity.setResult(Activity.RESULT_OK, SpecialUtil.this.activity.getIntent());
this.activity.finishAndRemoveTask();
}
public void declareAsFailure() {
this.activity.setResult(Activity.RESULT_CANCELED, this.activity.getIntent());
this.activity.finishAndRemoveTask();
}
private void removePermission(Intent intent) {
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
intent.removeFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION);
intent.removeFlags(Intent.FLAG_GRANT_WRITE_URI_PERMISSION);
}
}
}
// com/mydomain/somepackage/WhiteScreen.java
public class WhiteScreen extends Activity {
SpecialUtil specialUtil;
#Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
specialUtil = new SpecialUtil(WhiteScreen.this);
String title = "someTitle";
final AlertDialog.Builder builder = new AlertDialog.Builder(WhiteScreen.this)
.setTitle(title)
.setPositiveButton(btn_text, new DialogInterface.OnClickListener() {
public void onClick(DialogInterface dialog, int which) {
// Don't start the process, quit App immediately
WhiteScreen.this.setResult(Activity.RESULT_CANCELED, WhiteScreen.this.getIntent());
WhiteScreen.this.finishAndRemoveTask();
}
});
AlertDialog alertDialog = builder.create();
alertDialog.show();
}
}

TelephonyManager.requestNetworkScan - Android P Preview

Has anyone tried this API?
I'm developing a privileged system app to scan the network.
For some reason I get error 2 'Wrong parameters' when I try using it.
Granted the app MODIFY_PHONE_STATE permission, and still get the error
Here's an extract:
public class ScannerActivity extends Activity implements View.OnClickListener {
private final int PHONE_STATE_REQUEST = 1;
private Button scanButton;
private TextView resultsTextView;
private class RadioCallback extends TelephonyScanManager.NetworkScanCallback {
private List<CellInfo> mCellInfoResults;
private int mScanError;
#Override
public void onResults(List<CellInfo> cellInfoResults) {
mCellInfoResults = cellInfoResults;
ScannerActivity.this.runOnUiThread(new Runnable() {
#Override
public void run() {
for (CellInfo cellInfo:mCellInfoResults) {
resultsTextView.append(" " + cellInfo.toString() + " ");
}
}
});
}
#Override
public void onError(int error) {
mScanError = error;
ScannerActivity.this.runOnUiThread(new Runnable() {
#Override
public void run() {
resultsTextView.append(" Error: " + mScanError);
}
});
}
#Override
public void onComplete() {
ScannerActivity.this.runOnUiThread(new Runnable() {
#Override
public void run() {
resultsTextView.append(" Scan Completed! ");
}
});
}
}
#Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_scanner);
scanButton = (Button) findViewById(R.id.scan_button);
scanButton.setOnClickListener(this);
resultsTextView = (TextView) findViewById(R.id.results_text_view);
}
public void onClick(View view) {
NetworkScanRequest networkScanRequest;
RadioAccessSpecifier radioAccessSpecifiers[];
int bands[];
ArrayList<String> PLMNIds = new ArrayList<String>(Arrays.asList("42501"));
TelephonyManager telephonyManager = (TelephonyManager) getApplicationContext()
.getSystemService(Context.TELEPHONY_SERVICE);
bands[0] = AccessNetworkConstants.UtranBand.BAND_1;
radioAccessSpecifiers = new RadioAccessSpecifier[1];
radioAccessSpecifiers[0] = new RadioAccessSpecifier(
AccessNetworkConstants.AccessNetworkType.UTRAN,
bands,
null);
networkScanRequest = new NetworkScanRequest(
NetworkScanRequest.SCAN_TYPE_ONE_SHOT,
radioAccessSpecifiers,
0,
60,
false,
0,
PLMNIds);
telephonyManager.requestNetworkScan(networkScanRequest, AsyncTask.SERIAL_EXECUTOR,new RadioCallback());
}
}
Does anyone has an idea what parameters did i pass wrong?
I first thought that it might be LTE / 3G issue, but I get the same results both for UTRAN & EUTRAN.
I also ruled out SIM issue - the same error happens with 2 different SIMS, both successfully scanning the network form settings app for example.

OK, figured it out - for anyone who may come across this issue -
searchPeriodicity & incrementalResultsPeriodicity cannot be 0, despite the documentation,
and irrelevance of these parameters for one shot scan.

How to detect physical key click in a android wearable?

I am using sony smartwatch 3 and it has a power button which I want to control or say manipulate.
I have already tried using :
onKeyDown()
onKeyUp()
onKeyLongPress()
but with no success it doesn't even detect the press of key.
I have also tried using dispatchkeyevent(keyevent event) and shouldOverrideKeyEvent(keyevent event)but again no success.
Please guide.

You need to initialize and connect with GoogleApiClient. Once you clicks the button you have to get list of nodes and send a message to them. The last step is to read this message fron phone part of app, this can be done by registering proper WearableListenerService. Please see the sample code below.
Wearable App:
public class WearableButtonActivity extends Activity {
private GoogleApiClient mGoogleApiClient;
#Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.wearable_button_activity);
mGoogleApiClient = new GoogleApiClient.Builder(this)
.addApi(Wearable.API)
.build();
mGoogleApiClient.connect();
}
public void onButtonClicked(View target) {
if (mGoogleApiClient == null)
return;
final PendingResult<NodeApi.GetConnectedNodesResult> nodes = Wearable.NodeApi.getConnectedNodes(mGoogleApiClient);
nodes.setResultCallback(new ResultCallback<NodeApi.GetConnectedNodesResult>() {
#Override
public void onResult(NodeApi.GetConnectedNodesResult result) {
final List<Node> nodes = result.getNodes();
if (nodes != null) {
for (int i=0; i<nodes.size(); i++) {
final Node node = nodes.get(i);
// You can just send a message
Wearable.MessageApi.sendMessage(mGoogleApiClient, node.getId(), "/MESSAGE", null);
// or you may want to also check check for a result:
// final PendingResult<SendMessageResult> pendingSendMessageResult = Wearable.MessageApi.sendMessage(mGoogleApiClient, node.getId(), "/MESSAGE", null);
// pendingSendMessageResult.setResultCallback(new ResultCallback<MessageApi.SendMessageResult>() {
// public void onResult(SendMessageResult sendMessageResult) {
// if (sendMessageResult.getStatus().getStatusCode()==WearableStatusCodes.SUCCESS) {
// // do something is successed
// }
// }
// });
}
}
}
});
}
}
Listener:
findViewById(R.id.button).setOnClickListener(new OnClickListener() {
#Override
public void onClick(View v) {
onButtonClicked(v);
}
});
Phone App:
public class DataLayerListenerService extends WearableListenerService {
#Override
public void onMessageReceived(MessageEvent messageEvent) {
super.onMessageReceived(messageEvent);
if("/MESSAGE".equals(messageEvent.getPath())) {
// launch some Activity or do anything you like
}
}
}

Nuera authentication screen isn't opened when calling neuraApiClient.authenticate(...)

I'm working with Neura sdk in order to detect special events of my users( arriving/leaving home)
I'm trying to initiate their authentication, as described below (fetchPermissions() and initNeuraConnection() are the same as in the documentations, and mAuthenticationRequest is initiated on fetchPermissions())
#Override
public void onViewCreated(View view, Bundle savedInstanceState) {
super.onViewCreated(view, savedInstanceState);
getMainActivity().initNeuraConnection();
fetchPermissions();
getMainActivity().getClient().authenticate(NEURA_AUTHENTICATION_REQUEST_CODE, mAuthenticateRequest);
}
My issue is that once i call authenticate - nothing happens and the neura login screen isn't opened

There are few things you can check :
Have you declared initNueraConnection() and fetchPermissions() as described in the Neura dev site ?
If so, I suspect you're sending authenticate(...) a nullable mAuthenticateRequest instance.
Since fetchPermissions() is asynchronous(its a network call), you're calling authenticate(...) before the results are fetched from fetchPermissions(), so, mAuthenticateRequest is null, since it's not initiated yet.
You should call authenticate(...) only after you recieve the data on fetchPermissions().
For example, you can do this :
#Override
public void onViewCreated(View view, Bundle savedInstanceState) {
super.onViewCreated(view, savedInstanceState);
getMainActivity().initNeuraConnection();
fetchPermissions();
}
private void fetchPermissions() {
loadProgress(true);
getMainActivity().getClient().getAppPermissions(new GetPermissionsRequestCallbacks() {
#Override
public void onSuccess(final List<Permission> permissions) throws RemoteException {
if (getActivity() == null)
return;
getActivity().runOnUiThread(new Runnable() {
#Override
public void run() {
loadProgress(false);
mPermissions = new ArrayList<>(permissions);
mAuthenticateRequest = new AuthenticationRequest();
mAuthenticateRequest.setAppId(getMainActivity().getClient().getAppUid());
mAuthenticateRequest.setAppSecret(getMainActivity().getClient().getAppSecret());
mAuthenticateRequest.setPermissions(mPermissions);
getMainActivity().getClient().authenticate(NEURA_AUTHENTICATION_REQUEST_CODE, mAuthenticateRequest);
}
});
}
#Override
public void onFailure(Bundle resultData, int errorCode) throws RemoteException {
loadProgress(false);
mRequestPermissions.setEnabled(true);
}
#Override
public IBinder asBinder() {
return null;
}
});
}
Fyi, you can check your logcat for this error : authenticationRequest is nullable, couldn't create authenticate request.

getDialogsUsers returns no elements

I am trying to create chat in app using sampe-chat codes.
I authorized user, got opponend id, after that successfully created dialog:
ChatService.initIfNeed(this);
QBUsers.getUserByLogin(login, new QBEntityCallbackImpl<QBUser>() {
#Override
public void onSuccess(QBUser qbUser, Bundle args) {
QBPrivateChatManager privateChatManager = QBChatService.getInstance().getPrivateChatManager();
privateChatManager.createDialog(qbUser.getId(), new QBEntityCallbackImpl<QBDialog>() {
#Override
public void onSuccess(QBDialog dialog, Bundle args) {
ChatActivity.this.dialog = dialog;
setContentView(R.layout.activity_chat);
initViews();
if (isSessionActive()) {
initChat();
}
ChatService.getInstance().addConnectionListener(chatConnectionListener);
}
#Override
public void onError(List<String> errors) {
Log.e("chat", errors.toString());
}
});
}
#Override
public void onError(List errors) {
Log.e("chat", errors.toString());
}
});
But at initViews() I've got error at
else if (dialog.getType() == QBDialogType.PRIVATE) {
Integer opponentID = ChatService.getInstance().getOpponentIDForPrivateDialog(dialog);
companionLabel.setText(ChatService.getInstance().getDialogsUsers().get(opponentID).getLogin());
}
The error is because ChatService.getInstance().getDialogsUsers() returns 0 elements: , so ChatService.getInstance().getDialogsUsers().get(opponentID).getLogin() gives exception.
Any explanations of this I have not found in documentation:
Why I have got 0 elements at ChatService.getInstance().getDialogsUsers()? Dialog is successfully created.

The 'getDialogsUsers' is not an SDK method, it's from code sample
You can just look into it, what does it do
https://github.com/QuickBlox/quickblox-android-sdk/blob/master/sample-chat/src/com/quickblox/sample/chat/core/ChatService.java#L195
It returns a map of users, set in L172
https://github.com/QuickBlox/quickblox-android-sdk/blob/master/sample-chat/src/com/quickblox/sample/chat/core/ChatService.java#L172
Try to follow this file and move all needed logic to your app