收到来自 Google 的邮件“您的应用程序易受 Intent Redirection 攻击”但找不到漏洞

Question

当我更新我的应用程序时，我收到了一封来自谷歌的邮件，显示

您好 Google Play 开发者，

我们审核了您的应用，发现您的应用使用的软件存在用户安全漏洞。具有这些漏洞的应用程序可能会暴露用户信息或损坏用户的设备，并可能被视为违反我们的恶意行为政策。

漏洞 -您的应用程序容易受到意图重定向的影响。

但我没有做任何意图提取或重定向。稍微搜索后，我应用了一些解决方案， android:exported="false" 但它们都不起作用。

现在，我认为某些第三方插件是造成该漏洞的原因。如何在我的代码中找到该漏洞？

下面是我的 build.gradle 文件

apply plugin: 'com.android.application'
apply plugin: 'com.google.gms.google-services'
apply plugin: 'com.google.firebase.crashlytics'

android {
    compileSdkVersion 29
    defaultConfig {
        minSdkVersion 21
        targetSdkVersion 29
        renderscriptTargetApi 18
        renderscriptSupportModeEnabled true
        multiDexEnabled true
        testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
        resConfigs "en"

    }
    buildTypes {
        debug {
            firebaseCrashlytics {
                mappingFileUploadEnabled false
            }
        }
        release {
            minifyEnabled true
            shrinkResources true
            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
        }
    }
    compileOptions {
        sourceCompatibility = '1.8'
        targetCompatibility = '1.8'
    }
    externalNativeBuild {
        ndkBuild {
            path 'src/main/jni/Android.mk'
        }
    }
    dependencies {
        androidTestImplementation('androidx.test.espresso:espresso-core:3.1.1', {
            exclude group: 'com.android.support', module: 'support-annotations'
        })
        testImplementation 'junit:junit:4.12'
        implementation 'androidx.multidex:multidex:2.0.1'
        implementation fileTree(dir: 'libs', include: ['*.jar'])

        implementation 'androidx.appcompat:appcompat:1.2.0'
        implementation 'androidx.constraintlayout:constraintlayout:2.0.2'
        implementation 'androidx.legacy:legacy-support-v4:1.0.0'
        implementation 'androidx.recyclerview:recyclerview:1.1.0'
        implementation 'androidx.cardview:cardview:1.0.0'
        implementation "androidx.viewpager2:viewpager2:1.0.0"
        implementation 'com.github.bumptech.glide:glide:4.11.0'
        annotationProcessor 'com.github.bumptech.glide:compiler:4.11.0'
        implementation 'com.google.android.material:material:1.3.0-alpha03'
        //fix
        implementation 'com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava'
        implementation 'com.google.android.gms:play-services-basement:17.5.0'

        //Firebase
        implementation platform('com.google.firebase:firebase-bom:25.12.0')
        implementation 'com.google.firebase:firebase-auth'
        implementation 'com.google.firebase:firebase-database'
        implementation 'com.google.firebase:firebase-storage'
        implementation 'com.google.firebase:firebase-firestore'
        implementation 'com.google.firebase:firebase-messaging'
        implementation 'com.google.firebase:firebase-config'
        implementation 'com.google.firebase:firebase-analytics'
        implementation 'com.google.firebase:firebase-crashlytics'
        implementation 'com.google.firebase:firebase-inappmessaging-display'
        implementation 'com.firebaseui:firebase-ui-auth:6.3.0'

        // Google Sign In SDK (only required for Google Sign In)
        implementation 'com.google.android.gms:play-services-auth:18.1.0'
        implementation 'com.google.android.gms:play-services-identity:17.0.0'

        // Facebook Android SDK (only required for Facebook Login)
        implementation 'androidx.browser:browser:1.2.0'
        implementation 'com.facebook.android:facebook-android-sdk:7.1.0'

        //retrofit
        implementation 'com.squareup.retrofit2:retrofit:2.2.0'
        implementation 'com.squareup.retrofit2:converter-gson:2.2.0'
        implementation 'com.squareup.okhttp3:logging-interceptor:3.9.0'

        //json utilities
        implementation 'com.fasterxml.jackson.core:jackson-core:2.10.1'
        implementation 'com.fasterxml.jackson.core:jackson-annotations:2.10.1'
        implementation 'com.fasterxml.jackson.core:jackson-databind:2.10.1'

        //Paytm All-in-one SDK Payment Gateway
        implementation'com.paytm.appinvokesdk:appinvokesdk:1.5'
        //Circular ImageView
        implementation 'de.hdodenhof:circleimageview:2.2.0'
        //Number Picker
        implementation 'com.shawnlin:number-picker:2.4.7'
        //Version Compare
        implementation 'com.g00fy2:versioncompare:1.3.2'
        //Seekbar
        implementation 'com.github.warkiz.widget:indicatorseekbar:2.1.2'
        //country picker
        implementation 'com.hbb20:ccp:2.3.1'
        //TrueTime
        implementation 'com.github.instacart.truetime-android:library:3.4'
        //facebook ads
        implementation 'com.facebook.android:audience-network-sdk:6.1.0'
        //shimmer
        implementation 'com.facebook.shimmer:shimmer:0.5.0'
        //Loading Animation
        implementation 'com.wang.avi:library:2.1.3'
        //likeButton
        implementation 'com.github.varunest:sparkbutton:1.0.6'
    }

    configurations.all {
        resolutionStrategy.force 'com.android.support:support-annotations:28.0.0'
    }

}

- -更新 - -

实际上，问题出在 facebook sdk 中，在仅将其替换为特定于登录名的 sdk 后，我的应用程序获得了 Play 商店的批准。