Intent-filter Removal Guide for Cross-App Scripting Related Security Issue
Cross-App Scripting related security issue has been found in Kakao Android SDK.
Developers using the following versions need to change their settings in AndroidManifest.xml as shown below.
Impact Scope
Kakao Game Android SDK version 3.0.0 or later
Kakao Game Unity SDK Under version 3.7.1
Existing settings
AndroidManifest.xml
<?xml version="1.0" encoding="utf-8"?> ... <activity android:name="com.kakao.auth.authorization.authcode.KakaoWebViewActivity" android:label="@string/com_kakao_login_button" android:launchMode="singleTop" android:theme="@style/Theme.Transparent" android:windowSoftInputMode="adjustResize" > <!-- Remove from here --> <intent-filter> <action android:name="android.intent.action.MAIN" /> <category android:name="android.intent.category.DEFAULT" /> </intent-filter> <!-- Here to --> </activity> ... </application> </manifest>
Changed Settings
AndroidManifest.xml
<?xml version="1.0" encoding="utf-8"?> ... <activity android:name="com.kakao.auth.authorization.authcode.KakaoWebViewActivity" android:label="@string/com_kakao_login_button" android:launchMode="singleTop" android:theme="@style/Theme.Transparent" android:windowSoftInputMode="adjustResize" /> ... </application> </manifest>