Assigned
Status Update
Comments
xa...@gtempaccount.com <xa...@gtempaccount.com> #2
Issue with notification access code in core. Unclear where, but probably safe to assume NotificationCompat
.
pe...@google.com <pe...@google.com> #3
Note that this is a lint error and can be suppressed or lowered to warning-level on the client side. Lowering back to P2
.
xa...@gtempaccount.com <xa...@gtempaccount.com> #4
To find cause of issue, update
androidx/platform/frameworks/support/+/androidx-main:buildSrc/public/src/main/kotlin/androidx/build/SupportConfig.kt;l=50 to 33 and then run ./gradlew :core:core:lintDebug
androidx/platform/frameworks/support/+/androidx-main:buildSrc/public/src/main/kotlin/androidx/build/SupportConfig.kt;l=50 to 33 and then run ./gradlew :core:core:lintDebug
pe...@google.com <pe...@google.com> #5
It's at
frameworks/support/core/core/src/main/java/androidx/core/app/NotificationManagerCompat.java:223: Error: When targeting Android 13 or higher, posting a permission requires holding the POST_NOTIFICATIONS permission [NotificationPermission]
mNotificationManager.notify(tag, id, notification);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Explanation for issues of type "NotificationPermission":
When targeting Android 13 and higher, posting permissions requires holding
the runtime permission android.permission.POST_NOTIFICATIONS.
Description
Component used:
androidx.browser:browser
Version used:
1.5.0
Devices/Android versions reproduced on: Samsung A10 - Android 11. Although I suspect this is not a device-specific issue.
Description of the problem:
The androidx Browser package doesn't do a lot of error handling when launching Source ). After some research, I've found that the problem can be observed when the following conditions are met:
Intent
s. We're seeing someSecurityException
s in our app that occur when the Firebase in-app messaging library launches a web URLIntent
. That library uses the androidx Browser package (Consumer
. This is the 'victim', this app is the one that uses the androidx Browser package to open a website.Buggy
. This is the troublemaker. This app declares at least 2 Activities that can handle web URL intents. See below.Intent
s (this can be done by uninstalling all browser apps and disabling any system browser app).If all the above happens, then when the
Consumer
app tries to navigate to any website using Custom Tabs, aSecurityException
will be thrown. There may be other ways of reproducing, but I was only able to reproduce it with the above set up.Code
The relevant code snippet of the
Buggy
app is this:As I mentioned earlier this crash was first observed in the Firebase in-app messaging library, but I was able to reproduce it using 2 sample apps (see attached), that's why I'm reporting the issue here.
Stacktrace
Thanks in advance!