Skip to content
Commit 82a2e2d8 authored by Winson's avatar Winson
Browse files

Remove updateIntentVerificationStatusAsUser from ResolverActivity

DO NOT CHERRY PICK ANYWHERE: Security issue

This API is meant to grant an app complete verification over the
domains it has declared, meaning it will always resolve the domains it
declares for web links.

This can allow an app to take over links that are unowned. Any time a
user selects "Always" when resolving an Intent in the diambiguation
dialog, this API would be called, and all subsequent resolutions of any
domain declared by the app selected would be automatically directed to
that app, with no prompt to the user.

From a quick search, it's possible that all usages of this API are
actually unintended and should be removed. Should be considered for
deprecation in the future.

Bug: 163358811

Test: none, this is not generally testable, see linked bug for context

Change-Id: Iff7f788a83af68c7fbb1c6b9a8be7b47136be2b6
parent 87e1f782
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment