The other day I tried to publish an aab built from v0.12.1 of cht-android
I got as review an error in the pre-release report from the google play developer console tab saying:
Security and trust
Implicit Internal Intent
Is there a way to get rid of this problem or do we have to update the code and build it again to be able to publish?
Have a good day
Not really, just a link to the help section related to the issue, here is what I can read there:
Remediation of Implicit Internal Intent Vulnerability
This information is intended for developers with app(s) that use Implicit Intents to reach one of their internal components.
What’s happening
One or more of your apps contain an Implicit Internal Intent issue. Implicit Intents used to reach an internal component allow attackers to intercept the message and either drop it, read its contents, or even replace its contents. Location(s) of the Implicit Intent usage(s) in your app can be found in the Play Console notification for your app.
How to fix “Implicit Internal Intent” alerts
Review your app for the location where an Implicit Intent is used. For example the following code uses Implicit Intents to reach an internal component:
//The app has a component that registers MY_CUSTOM_ACTION, which is only
//registered by this app, indicating that the dev intends for this Intent
//to be delivered to the internal component safely.
@Gilbert I’m doing a v0.11.1 patch release with your changes. It should be available in the next half hour or so. Please let us know if you encounter problems publishing that.
In the meantime, any more information that you are able to share on the error you encountered will help guide our investigation.
Hi @derick ,
I can see the v0.11.1 tag you created. But I can’t see its bundles, the last bundle I see are related to the v0.12.1 which is the one having an issue now.
Thank you
Error: You can’t rollout this release because it doesn’t allow any existing users to upgrade to the newly added app bundles.
The error could be because this release has lower versionCode and/or versionName than a previously existing release in Google Play Console.
If this is the first time making CHT-RCI app available in the market, are you able to delete the previous release that won’t be used? Or start from fresh? So that CHT-RCI v0.11.1 is the only one available.
About this other one:
#2
I also tried to install the APK on android 8.1.0 and it fails
Can you please let us know the following?
Phone brand and specs.
Steps you have followed to install the app in this phone
This release and previous ones from our Android app support Android Kitkat (4.4) which uses CrossWalk (XWalk). Because of this, phones with Android version 4.4 to 9 should use any of these 2 XWalk APK, corresponding to the phone architecture (armeabi-v7a or arm64-v8a):
You can try first with cht-android-v0.11.1-cht_rci-xwalk-armeabi-v7a-release.apk, must phones are okay with armeabi-v7a. I tested both XWalks APKs on the only device I have, Nokia 8 with Android 9, working fine.
Phones with Android version 10 and 11 should use the Webview APK:
#1
You are right about, the first version that failed was v0.12 and the new one is v0.11.
I had the option to remove v0.11 but I couldn’t remove v0.12 so I created a new release using cht-android-v0.11.1-cht_rci-webview-release.aab and cht -android-v0.11.1-cht_rci-xwalk-release.aab, now I’m waiting for review
2#
I was using Ulefone power5 v02 with Android 8.1.2 Kernel 4.4.95+
I copied the cht-android-v0.11.1-cht_rci-webview-arm64-v8a-release.apk to the phone via WhatsApp. After that, I tried the install which failed
Now I am using cht-android-v0.11.1-cht_rci-xwalk-arm64-v8a-release.apk and it worked fine.
It is very helpful to know the information you shared above.
Thanks very much