Intent Redirection Policy Violation - Rejected after Fixing by Following Provided Documentation
After implementing the Google Play SMS Retriever for two-factor authentication, we received the violation below. After modifying the code according to the documentation and resubmitting, we were rejected again:
Step 1: Fix the policy violation in your app
During review, we found that your app ... APK version ... violates the Device and Network Abuse policy:
We don't allow code that introduces or exploits security vulnerabilities. Check out the App Security Improvement Program to find out about the most recent security issues flagged to developers.
You can read through the Device and Network Abuse policy page for more details and examples of common violations.
For example, your app has an Intent Redirection issue which may allow malicious apps to access private app components or files.
{package name}.modules.smsuserconsent.c.onReceive
Following the documentation (https://support.google.com/faqs/answer/9267555), we decided to fix it using the following approach, Option 2:
Option 2: Ensure that the extracted Intent is from a trustworthy source.
You can verify that the originating Activity can be trusted using methods like getCallingActivity. For example:
if (getCallingActivity().getPackageName().equals("known")) {
    Intent intent = getIntent();
    // extract the nested Intent
    Intent forward = (Intent) intent.getParcelableExtra("key");
    // redirect the nested Intent
    startActivity(forward);
}
Note:
- Checking if getCallingActivity() returns a non-null value is insufficient to prevent the vulnerability. Malicious apps can supply a null value for this function.
- In the case of Google Play Services SMS Retriever Auth, protecting a broadcast receiver with the SEND_PERMISSION will ensure that an Intent comes from Play Services.
It specifically calls out our use case, so passing SEND_PERMISSION should be sufficient to resolve the policy violation.
This is our old code:
SmsRetriever.getClient(getCurrentActivity()).startSmsUserConsent(null);
broadcastReceiver = new SmsBroadcastReceiver(getCurrentActivity(), this);
getCurrentActivity().registerReceiver(
broadcastReceiver,
new IntentFilter(SmsRetriever.SMS_RETRIEVED_ACTION)
);
This is our new code:
SmsRetriever.getClient(getCurrentActivity()).startSmsUserConsent(null);
broadcastReceiver = new SmsBroadcastReceiver(getCurrentActivity(), this);
getCurrentActivity().registerReceiver(
broadcastReceiver,
new IntentFilter(SmsRetriever.SMS_RETRIEVED_ACTION),
SmsRetriever.SEND_PERMISSION,
null,
0
);
Given this, do we still need to implement the calling-activity check in onReceive, or have we not implemented SEND_PERMISSION correctly?
We went through several failed reviews. We finally passed review after fully implementing both Option 2 and Option 3:
Intent consentIntent = extras.getParcelable(SmsRetriever.EXTRA_CONSENT_INTENT);
if (consentIntent == null) {
    // handle error
    return;
}
ComponentName name = this.activity.getCallingActivity();
int flags = consentIntent.getFlags();
if (name != null &&
        name.getPackageName().equals("com.google.android.gms") &&
        name.getClassName().equals("com.google.android.gms.auth.api.phone.ui.UserConsentPromptActivity") &&
        ((flags & Intent.FLAG_GRANT_READ_URI_PERMISSION) == 0) &&
        ((flags & Intent.FLAG_GRANT_WRITE_URI_PERMISSION) == 0)) {
    activity.startActivityForResult(consentIntent, SMS_CONSENT_REQUEST);
}
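As an added example that is not code from the question or the answer, the receiver below combines the SEND_PERMISSION registration from the question with validation of the nested consent Intent before it is forwarded, so the broadcast sender is restricted and the Intent itself is checked. The class name SmsConsentReceiver, the request code, and the assumption that the consent Intent carries an explicit Play Services target component are mine, not from the page.

```java
import android.app.Activity;
import android.content.BroadcastReceiver;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.os.Bundle;
import com.google.android.gms.auth.api.phone.SmsRetriever;
import com.google.android.gms.common.api.CommonStatusCodes;
import com.google.android.gms.common.api.Status;

public final class SmsConsentReceiver extends BroadcastReceiver {
    static final int SMS_CONSENT_REQUEST = 0x1234; // assumed request code
    private static final String GMS_PACKAGE = "com.google.android.gms";
    private final Activity activity;

    SmsConsentReceiver(Activity activity) { this.activity = activity; }

    // SEND_PERMISSION limits senders to holders of the Play Services
    // signature permission: the documented mitigation for this receiver.
    static SmsConsentReceiver register(Activity activity) {
        SmsConsentReceiver r = new SmsConsentReceiver(activity);
        activity.registerReceiver(r, new IntentFilter(SmsRetriever.SMS_RETRIEVED_ACTION),
                SmsRetriever.SEND_PERMISSION, null);
        return r;
    }

    @Override
    public void onReceive(Context context, Intent intent) {
        if (!SmsRetriever.SMS_RETRIEVED_ACTION.equals(intent.getAction())) return;
        Bundle extras = intent.getExtras();
        if (extras == null) return;
        Status status = extras.getParcelable(SmsRetriever.EXTRA_STATUS);
        if (status == null || status.getStatusCode() != CommonStatusCodes.SUCCESS) return;
        Intent consent = extras.getParcelable(SmsRetriever.EXTRA_CONSENT_INTENT);
        if (consent != null && isTrustedConsentIntent(consent)) {
            activity.startActivityForResult(consent, SMS_CONSENT_REQUEST);
        }
    }

    // Forward only an Intent that explicitly targets Play Services and carries
    // no URI grant flags; anything else could reach our own private components.
    static boolean isTrustedConsentIntent(Intent consent) {
        ComponentName target = consent.getComponent(); // assumed explicit target
        if (target == null || !GMS_PACKAGE.equals(target.getPackageName())) return false;
        int grants = Intent.FLAG_GRANT_READ_URI_PERMISSION | Intent.FLAG_GRANT_WRITE_URI_PERMISSION;
        return (consent.getFlags() & grants) == 0;
    }
}
```

The result of the consent prompt still arrives in the Activity's onActivityResult under SmsRetriever.EXTRA_SMS_MESSAGE, which this example does not cover.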