We have listed our android app on the play store to get published but it is up for review for 3-6 business days. So in the meantime, can we update the real-time database of firebase? Will it affect our review time?
Like if I make changes in the database, the data in the app will also change, so will google start the review process again?
Please tell. It is important.
Thank you in advance.
You can change the data. Just make sure not to break the App. If it has errors because of that it can get denied. Othervise it should not be any problem.
We had a horror story back in August where our Here Maps SDK License Key was mistakenly changed on us (to this day, nobody still knows who did it and why). It was a nightmare, because all our users' apps froze upon launch and we had to push an update to the app store (and although I've had Apple approve an app update in the past in as little as 4 hours, that time it took them 4 days!!!).
It would make much more sense to store the values locally and then have the info populated into the app. Problem is that Here Maps requires the info in App Delegate which is the top level of app and it's difficult to build database queries in there.
Our license will be renewing soon, so I am thinking of solving this issue once and for all. Anybody had this issue before and has any ideas?
We believe it would be the correct solutions to avoid major incidents.Maintaining credentials in more controlled DB is a right approach instead of keeping in AppDelegates.
I launched a game to the Google Play store recently and it was going good until now. I just received an email from Google that says that "One or more of your apps contains an Intent Redirection vulnerability that puts user data at risk " and tells me I need to fix it by August 13.
I personally don't collect or demand any user data or info. However, I used Google Admob ads with Facebook mediation and Unity ads in my game which may be the cause of this problem. So, my question is how to overcome this problem? They also said in the email to make changes in the manifest file. If any one has a similar problem and knows the solution for it, your help would be appreciated.
Here is the email:
"One or more of your apps contains an Intent Redirection vulnerability that puts user data at risk. On August 13, 2019, any apps that contain unfixed security vulnerabilities beyond the dates listed on your Play Console alerts will be removed from Google Play.
Action required
Sign in to your Play Console.
Select Alerts to see which apps contain a security vulnerability, and review the guidance on how to resolve the vulnerability.
Update your affected apps to fix the vulnerabilities.
Submit the updated versions of your affected apps.
Upon resubmission, your app will be reviewed again. This process can take several hours. If the app passes review and is published successfully then no further action is required. If the app fails review then the new app version will not be published and you will receive notification via email."
I was having the same issue "intent redirection your app(s) are vulnerable to intent redirection" and I added exported="false" in every activity, but still got rejected, then I realized the problem was in one of the payment libraries I was using, all I had to do is update the library and the new app update got live.
my issue was in RazorPay payment gateway, I updated it from 1.6.3 to 1.6.6 (latest)
implementation 'com.razorpay:checkout:1.6.6'
they already mentioned this issue here, check it out https://github.com/razorpay/razorpay-android-sample-app/issues/202
I have a same issue, actually Latest Unity Add Xiaomi SDK by default which cause this issue.
Simple remove Xiaomi from your Unity it will fix the issue.
We had received a similar email, In the Play Console/Alert tab, we found this
for us, the reason is "com.androidnative.features.social.common.SocialProxyActivity.StartActivity"
which come from Android Native asset[Ultimate Mobile] - Unity3D.
We used that asset for Advertisements, In-app purchase and play game services instead of using the original SDK. So the possible solution is to remove that asset from our game and use the original SDK.
Here is the Screenshot of my alert.
There are several points to keep in mind to resolve that issue:
The most confusing: you must rollout affected application fixed APK/AAB to 100% on all tracks where it had place to be. Important note is that among others you must rollout production track release to 100% in order to Google to reconstruct your issue.
In the new version of Play Console there is no way to find out any specific information about the issue so you should email Google Support to ask for details. As a respone you may possibly get obfuscated method or class signature, so you need to deobfuscate it.
Read carefully through official document to address issues and resolve them. Our application got rejected because SMS BroadcastReceiver did not apply any permission restraints.
Ihsan Ali
The problem is in the UnityChannel.aar file, you need to open it with the help of the archiver and open the AndroidManifest.XML. I in the line android:exported="true" wrote a false as indicated in the article in Google. Now publish the version and if the error will no longer be reported.
I had the same issue. Just remove xiaomi app game centre from your unity>>game build option. Disabling it will surely clear out the issue.
I've got a Meteor app hosted on Modulus. The app is an in-house app used by a few higher-ups in the company. We're giving it a first trial run. After deploying the app and the db to Modulus, I'm finding the data is reloading about every 10 seconds. It's like the data is reloading into minimongo, so same data appears to flash on and off. It doesn't do this running the app locally.
Insecure has been removed, but I left auto-publish in Meteor because the app needs the whole database to work with. I figured I could remove it and then publish and subscribe the whole database, but I thought that would be redundant. Could this be the problem?
I'm in contact the the Modulus folks about it, but I think they're scratching their heads. I've tried hosting the db on Compose as well with the same result. Something in the app is causing it. Was wondering if anyone might have a suggestion.
Autopublish is the culprit here. Try removing autopublish and convert your data access to publish and subscribe.
If you have already built the entire app, you will have to refactor the entire app as Thai Tran mentioned in the comments.
Also, even if you have every security in place where users are locked up, autopublish still messes your app's security up. Your entire database is on the browser. Even if you have users or not. (Not a best practice in a production app).
Meteor gives autopublish only for prototypes, not production apps.
Anyways, explanation here is with autopublish on there will be lot of Tracker incomputations which might cause these errors.
Remove it and your app should be fine (Of course after you refractor your app to use publish + subscribe).
Good Luck!
I'm working on a tweak that needs to download and install an app from the App Store (given a bundle id or some kind of other identifier), but doing so without using the App Store app (e.g., to allow the user to remotely instal an app on the device, without going through the App Store UI).
(I'll pause here to point that obviously this has nothing to do with piracy, as I want the app to be downloaded through the user's account in the store, and in any case I'm only targeting free apps at the moment).
I went through iOS 7 private framework headers and couldn't find a way to fit in and to tell the device to install an app with a given identifier. I've also looked for similar tweaks to have a look at their source, but the only one I could find was 'Auto App Updater', and its code isn't public.
I would greatly appreciate your help in coming up with a code that does that, or an open-source tweak that utilises a similar function.
Thanks a lot!
Dan