Your app is vulnerable to Intent Redirection - google-play-console

I published an app to the Google Play store. I just received an email from Google that says that "Your app(s) are vulnerable to Intent Redirection.
To address this issue, follow the steps in this Google Help Center article. "
I have looked into the google help center article but couldn't find anything that I can incorporate in my app.
Although, I am using Google Play Services SMS Retriever Auth which may be the cause of this problem. I am protecting the broadcast receiver with the SEND_PERMISSION which ensures that an Intent comes from Play Services by doing so:
<receiver
    android:name=".receiver.SmsBroadcastReceiver"
    android:permission="com.google.android.gms.auth.api.phone.permission.SEND"
    android:exported="true">
    <!-- Action broadcast by Play Services (SmsRetriever.SMS_RETRIEVED_ACTION) -->
    <intent-filter>
        <action android:name="com.google.android.gms.auth.api.phone.SMS_RETRIEVED" />
    </intent-filter>
</receiver>
How can I solve this problem? Is anyone facing the same issue? If so please can you guide me as I have to resolve this issue before 20th December or my app will get removed?

You just need to replace (android:exported="true") with (android:exported="false"),
and search everywhere for places where you are passing any Parcelable object, try to remove them, and check again.
Finally,
I recommend using this to retrieve your SMS >> SMS_RETRIEVER_API
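A receiver for this broadcast that gives an Intent Redirection check nothing to flag, as an added example (not code from the question or from Google): it validates the action, type-checks the status extra, and reads the SMS only as a String. The class name comes from the manifest above; `isSafeToLaunch` is a hypothetical helper showing the check to apply wherever a component does have to start an Intent it received as an extra.

```java
import android.content.BroadcastReceiver;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.os.Bundle;

import com.google.android.gms.auth.api.phone.SmsRetriever;
import com.google.android.gms.common.api.CommonStatusCodes;
import com.google.android.gms.common.api.Status;

public class SmsBroadcastReceiver extends BroadcastReceiver {

    private static final int GRANT_FLAGS = Intent.FLAG_GRANT_READ_URI_PERMISSION
            | Intent.FLAG_GRANT_WRITE_URI_PERMISSION;

    @Override
    public void onReceive(Context context, Intent intent) {
        // Accept only the SMS Retriever action; ignore any other broadcast.
        if (!SmsRetriever.SMS_RETRIEVED_ACTION.equals(intent.getAction())) return;

        Bundle extras = intent.getExtras();
        if (extras == null) return;

        // Type-check the extra instead of casting whatever the sender supplied.
        Object raw = extras.get(SmsRetriever.EXTRA_STATUS);
        if (!(raw instanceof Status)) return;
        if (((Status) raw).getStatusCode() != CommonStatusCodes.SUCCESS) return;

        // Read the message as a plain String. Nothing taken from the extras is
        // passed to startActivity(), startService() or sendBroadcast().
        String message = extras.getString(SmsRetriever.EXTRA_SMS_MESSAGE);
        if (message == null) return;
        // App-specific parsing of `message` goes here.
    }

    // Hypothetical helper: allow launching an embedded Intent only if it
    // resolves to a component of this app and carries no URI grant flags.
    static boolean isSafeToLaunch(Context context, Intent nested) {
        if (nested == null) return false;
        ComponentName target = nested.resolveActivity(context.getPackageManager());
        return target != null
                && context.getPackageName().equals(target.getPackageName())
                && (nested.getFlags() & GRANT_FLAGS) == 0;
    }
}
```

Play Services sends this broadcast from another process, so the manifest-declared receiver has to stay reachable by it; the SEND permission on the receiver is what restricts who may deliver to it.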

Related

Xamarin Open Bidding Issues

I'm hoping somebody has wrestled with this issue and can help me out of the morass. My app is up and running in Google Play, Samsung, Amazon and the Apple App Store and properly serving ads in every one except Amazon. However, despite the presence of several ad sources in my mediation group only Admob seems to be serving ads and it almost looks as if the mediation group is being bypassed and only Admob is working. Any suggestions? Thanks!
Well, I did include several tags like "Open bidding" and "mediation" but my score was insufficient for this privilege. I also included some screenshots but they were disallowed. The problem is that I have a mediation group set up for open bidding that is serving ads but only from Admob and according to the instructions I've followed I should be seeing action from all the ad sources. Kudos to Stack Overflow for a response from a DNA based life form! That's a lot more than I'm able to get from Admob. 🤔

Get user's email ID on Google Home

I'd want to get user's emailID from an Action on Google. I understand that Google Sign-In is the best way to do that. Even though I don't really need the user to sign in to the action, I think there is no other way to get user's email (please correct me if I'm wrong). But according to the documentation,
Google Sign-In for the Assistant is currently in developer preview. You can build Actions that use this feature, but they can't be published at this time.
However, Walgreens action does the same thing. I wanted to know how. I tried to search a lot, and ended up with these answers. I have done this already and it works. But I wanted to know, if there is any way to release an app using Google Sign-In.
If not, do I need to go through OAuth2.0 flow, and if so, I assume I'd need to have my own authentication system in place?
Please correct me if I'm wrong and help me find the best way to get user's emailID. I think there should be something easier than getting an authentication system in place and getting it to support OAuth2.
"if there is any way to release an app using Google Sign-In."
You want the email id of the user. Google sign-in is nothing more than you getting the user's email address (inside a token that is signed by Google so you can verify it).
If you just get an email address as a "string" then you'd need to verify it before you can use it. So think of Google sign-in as an optimized UI flow to get a user's email address. Once you get the verified email address from Google, you can let them have access to the data on your site that is under that account.
Let me know if that is not clear.
From a timeline perspective, this should be out of developer preview within a month. Let me know if you want to try using it before that.
From my own research I think you are right. Until the Google Sign In account linking graduates from developer preview you would have to implement an OAuth workflow, which is a bit of a pain (although the implicit one doesn't look too bad). So perhaps the real question is ... when will Google Sign In account linking be fully available? Anyone from Google? Even a ballpark estimate would be useful.

Gmail contextual gadget is not showing in Gmail message

I developed a Gmail contextual gadget spec file and uploaded it to my HTTP server.
I also configured the "Google Apps Marketplace SDK" in the Google developer console.
But my gadget is still not showing in Gmail inbox messages.
There might be some mistakes in the gadget spec file.
I tried a lot but am not getting any solution.
The Google developer doc is still showing the old process with the manifest file, which is not working right now.
Below is my gadget spec code.
<?xml version="1.0" encoding="UTF-8"?>
<Module>
  <ModulePrefs
      author="Pragmatic techsoft"
      author_email="pragtech.co.in"
      height="200"
      author_location="India">
    <Require feature="dynamic-height"/>
    <Require feature="google.contentmatch">
      <Param name="extractors">
        google.com:EmailBodyExtractor
        google.com:SenderEmailExtractor
      </Param>
    </Require>
  </ModulePrefs>
  <Content type="html" view="card">
    <![CDATA[
      hello
    ]]>
  </Content>
</Module>
So, can anyone guide me on how to configure all the fields in the Marketplace SDK and also on writing the gadget spec file?
Any suggestions are most welcome.
Thanks in advance.
To help you on the Marketplace SDK configuration part, you may want to check Configure the Google Apps Marketplace SDK. With this, use the Enabled APIs link in the API section of the Google API Console to see a list of all your enabled APIs. In the list, locate the Google Apps Marketplace SDK, then click on its configuration icon. You'll need to configure each of the following settings:
Application Info: enter the following details for your app:
  a short description for the app
  icons for each size
  select "Allow individual install" if you wish to allow installation by individual end users
Support URLs: enter a URL for your app's terms of service, and optionally for the other URL types listed
Scopes: enter the OAuth2 scopes for the services your app will access
Extensions: these settings enable app extensions
Click Save changes when you are done.
Then, for the gadget spec file, you may want to also check writing the gadget spec. Please also note the following when writing your gadget spec:
Gmail contextual gadgets are written using the gadgets.* API.
Be sure you are using the security best practices described in Using the right frameworks for security.
And it will really help if you read through Gmail Contextual Gadgets, noting the right framework for security and the limitations in using extractors, to avoid encountering other issues.
Pay attention to the hints below:
Add an app to the Chrome Web Store and link it, by project ID, to the Google project in which you describe the contextual gadget. After publishing this app, add it to a test Google domain. Since your gadget is in the development stage, don't publish your app to Public. There are different "Visibility options" that you can choose.
To disable the cache use nogadgetcache=1 (e.g. https://mail.google.com/?nogadgetcache=1)
Log in with the admin account you want to test with, otherwise it takes more time to update the manifest.
After modifying “Google Apps Marketplace SDK”, click on “Test Installation Flow” to be sure there is no new permission.
I did these parts and it works for me:
Define google.com:MessageIDExtractor as the first extension, although you don't need it.
I recommend that you select here every scope which you want to use in other extensions! I don't know why, but it seems Google just asks for these permissions for my gadget.
Define each Param extractor in gadget.xml separately, not with a comma:
<Require feature="google.contentmatch">
  <Param name="extractors">
    google.com:MessageIDExtractor
  </Param>
  <Param name="extractors">
    google.com:SenderEmailExtractor
  </Param>
</Require>

Can't access Facebook configuration page

I'm trying to access the Facebook config page for my bot and I keep getting "Sad bot is sad... can't find a bot named bot_name"
Is anyone having issues with the platform right now?
Microsoft's team solved it, as shown here.
We're not having any portal specific problems. If you want to share your bot handle with us at BotFramework#microsoft.com I can see if there's anything interesting in our logs.
-- just a note, we were actually having portal problems, it was just impacting only one box in one datacenter making it erratic to track down. Thanks for the report!

Can't link google play game services to an app because the client id is in use. However there is no app using that id

I'm trying to update a game on Google Play to support leaderboards and achievements. (https://play.google.com/store/apps/details?id=com.rightpedalstudios.dragonseason)
However, when I go to link the app I get the message "This client ID is globally unique and is already in use."
I've searched online for people who have had the same problem and the advice they are given is to delete the client ID in the developer console, and if the app has been deleted there then undelete it first. However, there is nothing in the console using the ID, nor is there any deleted apps. As far as I can tell there is no app using the client id.
I did find another person asking a similar question here that was never answered.
Failing to create client ID, due to duplication of signing fingerprint by another Android OAuth2 client
I also get the message "The signing fingerprint you specified is already used by another Android OAuth2 client." When I try to set up a client ID from the developer console. (I know I'm not meant to do that if I'm using google play games, I just wanted to check if it failed from there too.)
I've tried contacting google support, I was directed to the google API support, and then directed here.
Two other developers that have worked on this project could have somehow created a client ID. Although I have contacted them and neither of them recall creating one.
Is there any way to find out where this client ID is being used?
You have to delete the client id in the Google API console (now confusingly renamed the Google Developers Console!). Then you can link the app to the game straight away. I have just done this, and it worked fine for me. I wanted to link an existing app to a different game, so I deleted both the debug and prod (release) definitions and was able to immediately link the app to the new game.
Note that for many of us, doing work on Google Play Game Services in the Google API console is a last resort - many of us have encountered Google related bugs in the past by doing this!