Implicit PendingIntent Vulnerability error from Google Play Store - react-native

Problem Describe:
Recently, some developers have reported that they want to update their app(s) on Play Store,
However, it receives rejection from Google with the title Implicit PendingIntent Vulnerability, said that their app(s) contain an Implicit PendingIntent issue. And they need to fix this issue before the deadlines shown in their Play Console, or app(s) may be removed from Google Play.
Similar Question: Google denied update due Remediation for Implicit PendingIntent Vulnerability

As#tao mentioned, let me post the solution here.
Problem Reason:
HMS Core Push kit earlier than 5.3.0.304 version、Analytics Kit earlier than 6.0.0.301 version and Account kit earlier than 5.3.0.305 version contain the Implicit PendingIntent issue.
Solution:
Push Kit SDK version 5.3.0.304、Analytics Kit SDK version 6.0.0.301 and
Account kit SDK version 5.3.0.305 have been released and fixed the Implicit PendingIntent issue. They've been tested and verified by developers and can be approved by Google for release.
If you are currently using the plug-in(such as React Native, Cordova, Ionic,Flutter), Before the new version of those plug-in released, Huawei also provide a workaround solution(By manually changing the version number).
The following describes the modification method (based on the 5.x plug-in):
React Native:
After the HMS Core plug-in is installed in the RN, the plug-in package is stored in node_modules/#hmscore.
You need to modify the build.gradle file in the node_modules/#hmscore/react-native-hms-account/android directory (taking the Account Kit plug-in as an example):
Open the build.gradle file and change the SDK version in dependencies.
dependencies {
implementation fileTree(dir: "libs", include: ["*.jar"])
implementation 'com.facebook.react:react-native:+' // From node_modules
implementation 'com.huawei.hms:hwid:5.0.3.302'
}
After the update, run the following command to start compilation again. The plug-in downloads the new SDK:
react-native run-android
Cordova/Ionic
If you have installed the plugin as Huawei document describred, the plugin should be saved in node_modules/#hmscore folder.
You need to modify the plugin.xml file in the node_modules/#hmscore/cordova-plugin-hms-push directory. (The following uses the Push Kit plug-in as an example)
Open the Plugin.xml file, search for the keyword framework, and find the SDK to be modified.
<framework src="androidx.core:core:1.3.1"/>
<framework src="com.facebook.fresco:fresco:2.2.0"/>
<framework src="com.huawei.hms:push:5.0.2.301" />
<framework src="resources/plugin.gradle" custom="true" type="gradleReference"/>
Change the version number to the new one and save it.
Go back to the application root directory and delete the platforms/android and plugins/cordova-plugin-hms-push folder.
Run the following command in the root directory:
Cordova:
cordova platform add android
cordova run android --device
Ionic(Cordova):
ionic cordova platform add android
ionic build
ionic cordova run android --device
Ionic (Capacitor) operates in different ways:
①. Delete the capacitor-cordova-android-plugins folder from the android directory.
②. Modify the plugin.xml file according to the description in step 2.
③. Run the following command:
ionic build
npx cap sync
npx cap open android
④. Recompile in the Android Studio
Flutter
You may refer to this answer.
Summary
The plug-ins above are used in open source mode, so developers can modify them directly.
However, the Xamarin plug-in is published in Nuget Package mode. Therefore, you cannot modify the SDK version. If this problem occurs, please feel free to contact us.

Related

How to deploy codespush bundle on old targets when there are native changes on the new build

Before i continue, let me let you know that i know the code to deply to a targeted build for codepush
appcenter codepush release-react -a aountName/appName -d Production -m --description "CommentHere" -t versionName
I have tried to figure this out on my own and i have not been able to.
I have several versions of my app which i have deploy using CodePush and everything works well but I started having fears of crashes when i installed new packages on the latest build.
This implies the current code base would have new native differences as compaird to the old version.
The question is how can i deploy my new build with new native codes
and packages present to an old version of my app which does not have those
native packages without running into several crashes from all the users using the old version of the app...
I ask this cos i have a feeling if i push the new build with the new changes in UI and native chnages to the old version of my app, the app old app would crash.
If a bug comes in for an old version, how do I fix it and deploy it
for the old version only? Bugs may be critical and not everyone will
have the latest version of the app Or, the bug may only exist on a old
version of the app.
I await your response.
Code push will not affect any native code written within the Android or the iOS projects of a React-Native application. If you read the documentations carefully, it specifically says that it does not change / modify / update the native portion of the app.
Why?
This is because of the way the CodePush mechanism works. In essence, CodePush only stores and triggers the update of the JS bundle of the React-Native application.
This is why we wrap only the JS main app instance with CodePush HOC (Higher Order Component). This is what's happening when you do:
CodePush(MyApp); //wrapping the js bundle at app-root
So, unfortunately in your case, if there are native codes involved, regardless of deployment to a new or old version of the app, it has to be a AppStore / Playstore driven deployment.

how to add ios support for existing React Native application with only Android support?

I know it might be very basic question. But I am very new and got a codebase with only android support. I need to add iOS for it. Please help me
As you're aiming to build a cross-platform app, React Native provides two ways to organize the code and seperate it by platform: platform module or platform-specific file extensions.
As you already have an Android app, I assume it has more complexity so you might want to split the code out into separate files.
You say you have an Android app but i don't thing that at any point you specified that the app should only build for Android (you can review in the package and the project configuration). So, the following command should be enough:
react-native run-ios
If you created your react native app from a template (e.g. using npx react-native init ProjectName), it already provides an ios and android folder, so it already supports it. If the file is not there, you could follow the instructions that #Rajan shared above to recreate the ios folder.
If your problem is running the iOS application using npm run ios, and its failing to build or the javascript throws an error, the quickest thing to try is cd ios, then pod install. If this does not work, it might be because you have additional dependencies you have installed, which require specific instructions and configuration to be done in the ios folder. This is library dependent, if needed, will be explained in depth in the README.md of the library. For example, react-native-firebase has a lot of steps, and is different to the android configuration.
Sometimes it is helpful to modify these configurations in XCode instead of editing the files manually (e.g. plist, xml, xproj). You can open xcode quickly using xed ios when in the root project folder.
Note: As usual, remember to have the libraries available in the node_modules folder, npm install.
In the future, you might choose to run different javascript code based on the platform (platform-specific code). React native allows that by using file.android.js and file.ios.js. However, your IDE is likely to struggle with the 2 files, and won't be as helpful compared to file.js. Alternatively, you can import Platform and conditionally check at runtime, what your platform is.
If you used Expo, you don't have access to the native code, but will already support iOS.

compile apk on a folder "Android" already created previously in react-native

I'm new to react-native, I've seen tutorials but everyone uses expo. I downloaded this project where they don't use expo. I want to compile this application for android, to finally get an .apk
This application already has a folder called "Android" but inside it does not have its respective .apk. How can I generate it?
this is the repository:
https://github.com/zsajjad/BusinessCard
It would be great if you can attach screenshots of how I should do it
Note. I have the latest version of android studio and I don't see the option of "build"
commands like "gradlew" from the console, they don't work, it's as if I didn't have that command installed
Following instructions for build apk using android studio
Hope you installed node and react native on your machine. If not
please follow the link to install it.Install node and react native
open your command prompt or terminal and redirect to your download project - cd /Businesscard Master (change it according to your project location)
Now enter - npm install
Enter - react-native link
Follow the android related linking instructions on following link react native camera
Hope you know about android camera and storage permissions.
same thing for react native text detector. Because your downloaded project have that packages in package.json
Now open your project android folder in android studio using open existing android project.
Then select build your project from android studio build menu and run it also
Generate apk using build menu- same process you have to follow for native android project
You don't need to use the CLI, that's needlessly complicated and it obscures what Android Studio is actually doing. Here's all you need to do.
Open the whole /Android/ folder in Android Studio. This is your "project" similar to how you open a *.xed file in XCode. Except in Android Studio, you just open up the whole folder to get the build.
Android Studio will now prepare your project using Gradle. If there are any errors in the preparation it will tell you about them. Assuming your gradle and Android Studio versions are compatible and you got no errors, you're now ready to emulate, debug and create a production build. At this point the workflow is similar to using XCode. You'll see emulators under Tools -> AVD Manager.
In the file menus go to Build->Generate APK. You can choose between signed APKs, debug APKs and so on. You'll need the key file if you're signing the APK on your computer, otherwise there's also Google Play signing after you upload the APK.
TL;DR: Just open your /Android/ folder in Android Studio.
Side note: When Android Studio gives you popups to upgrade stuff don't do it. NEVER upgrade Gradle or Android Studio unless the RN / Expo team specifically ask you. This will break your whole project and you will need to rebuild the platform.

Dart SDK version error when getting dependencies

I'm trying to add the http and image Dart packages. After adding the dependencies in pubspec.yaml and attempt to "Get dependencies", I'm getting the version error.
I have attempted "Check for Update" in IntelliJ, reinstall Flutter and Dart plug in in IntelliJ, redownload Flutter, and ran "flutter upgrade" in Flutter Console, with no luck. It seems the Dart SDK that comes with Flutter has not been updated.
I was able to download later version of Dart SDK independently, but if I just drop the dart-sdk folder of a newer version into the Flutter folder, I get more error still.
How can I update the Dart SDK in the Flutter package, so I can add dependencies?
The reason was flutter console being in the beta channel, causing flutter to not upgrade to latest version. Fix was flutter channel dev then flutter upgrade in console.

how to update Google Play service on Emulator android studio

I got the Key and set restrict, but I still cannot open map on the Emulator. On the build.gradle, I saw that the google play service is 9.8.0 now, and I think this is the newest one. However, when I run the sample-app, it say I need to update Google Play service?
dependencies {
compile fileTree(dir: 'libs', include: ['*.jar'])
testCompile 'junit:junit:4.12'
compile 'com.android.support:appcompat-v7:23.4.0'
compile 'com.google.android.gms:play-services-maps:9.+'
}
I check on the Android Emulator that it doesn't have Play store. Is it the missing one? I follow this link
https://developers.google.com/maps/documentation/android-api/start#step_2_install_the_google_play_services_sdk
to install Google Play services but I cannot found anything that can help. My Android studio version is 2.2.2.
I download the GooglePlayServices apk file (com.google.android.gms-9.8.77-440-135396225-APK4Fun.com), I dragged and dropped it into emulator to install, but it has error
Error: INSTALL FAIL INCOMPATIABLE
W/GooglePlayServicesUtil: Google Play services out of date. Requires 9877000 but found 9683470
I need your help.
After 3 days of searching. I found out that the Maps is unavailable to display on Emulator this time. All we have to do is run app on physical device and it will work.
You need to change on build.gradle for the following:
compile 'com.google.android.gms:play-services:9.0.2'
First, try to check your SDK Manager if the Google Play service there is updated. Also, try to open the stand alone SDK Manager and update the Android SDK Tools, The Android SDK Platform-tools and Android SDK Build-tools.
To update the Google Play service in the emulator itself, check this SO question. It will explain you on how to do this.
Another possible reason for this issue if you uses play-services:9.8.0 is found in this thread. It is stated here that the updated Android tools (which contains the Android Emulator system image) aren't out yet. So in the meantime, try to use downgrade version of play, service instead of 9.8.0.
For more information, check this documentation on how to setup Google Play Services
In the Android SDK Manager, you must install "Google APIs (x86 System Image)" under "Android 4.4.2 (API 19)". Quit Eclipse and restart it.
Then create a new android virtual device in AVD manager and choose "Google APIs x86 (Google Inc.) - API Level 19" as target. Check "Use Host GPU" to ensure the drawing of the map will be accelerated.
That's it, this new emulator will have Play Services preinstalled and it will run faster because it's a x86 image.
Yeah, Thank you guys. I can make it work on Emulator now. I use the
compile 'com.google.android.gms:play-services-maps:9.6.0'