DevSettingsActivity included in production AndroidManifest #2658

Closed
fontesrp opened this issue Feb 8, 2024 · 4 comments
fontesrp commented Feb 8, 2024

Hi! 👋

Firstly, thanks for your work on this project! 🙂

Today I used patch-package to patch [email protected] for the project I'm working on.

Here is the diff that solved my problem:

diff --git a/node_modules/react-native-code-push/android/app/src/main/AndroidManifest.xml b/node_modules/react-native-code-push/android/app/src/main/AndroidManifest.xml
index 5bd1596..2920e8d 100644
--- a/node_modules/react-native-code-push/android/app/src/main/AndroidManifest.xml
+++ b/node_modules/react-native-code-push/android/app/src/main/AndroidManifest.xml
@@ -4,7 +4,6 @@
     <uses-permission android:name="android.permission.INTERNET" />
 
     <application>
-        <activity android:name="com.facebook.react.devsupport.DevSettingsActivity" />
     </application>
 
 </manifest>
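
Review bot: the deleted `<activity android:name="com.facebook.react.devsupport.DevSettingsActivity" />` line is in the `src/main` manifest, which is merged into every build variant, so the declaration disappears from debug builds as well as release. Please confirm that debug builds still get this activity declared from somewhere else (for example a debug-only source set manifest such as `src/debug/AndroidManifest.xml`) or move the declaration there instead of dropping it. The `<application>` element is left empty after this change and could be removed in the same patch.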

This issue body was partially generated by patch-package.

@AnatolyPristensky
Contributor

Hello @fontesrp, could you please describe your issue in more detail?

@fontesrp
Author

fontesrp commented Feb 12, 2024

@AnatolyPristensky, sorry about that 😅

This issue was flagged on a pen test of my current project. The pen testers found a reference to DevSettingsActivity in the manifest of the production build of our Android app. After some investigation, I discovered that the activity declaration appeared in our release AndroidManifest.xml file due to react-native-code-push. Applying the patch above erased that entry from our manifest.

I created a repo where we can reproduce the issue, and I added more details of the investigation steps to its README file:
https://github.com/fontesrp/dev_settings_prod

I couldn't find references to DevSettingsActivity in react-native-code-push's source, so I believe the patch is safe, but please let me know if I missed anything. I also tested my current project in debug and release modes (including sending it a few Code Push updates), and everything seems to work as expected. I didn't include a project key in the demo repo because it's public, so let me know if you need anything else.
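
A release-build check for the finding described in the comment above, as an added example that is not part of the original thread or of react-native-code-push: it parses a merged `AndroidManifest.xml` and reports any component declared from a development-only package. The prefix list, the function name and the sample manifest are assumptions constructed for illustration; the location of the merged manifest depends on your build setup, so pass its path as the first argument.

```python
import sys
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")
# Assumption: packages treated as development-only; extend for your project.
DEV_ONLY_PREFIXES = ("com.facebook.react.devsupport.",)


def _attr(elem, name):
    """Read an android:-namespaced attribute, or None if it is absent."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def find_dev_components(manifest_xml, prefixes=DEV_ONLY_PREFIXES):
    """Return (tag, fully qualified name, android:exported) per dev-only component."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    findings = []
    for app in root.iter("application"):
        for elem in app:
            if elem.tag not in COMPONENT_TAGS:
                continue
            name = _attr(elem, "name") or ""
            # Manifest shorthand: ".Foo" or bare "Foo" is relative to the package.
            if name.startswith("."):
                name = package + name
            elif name and "." not in name:
                name = f"{package}.{name}"
            if name.startswith(tuple(prefixes)):
                findings.append((elem.tag, name, _attr(elem, "exported")))
    return findings


# Constructed sample: a merged release manifest that still carries the entry.
SAMPLE_RELEASE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <uses-permission android:name="android.permission.INTERNET" />
  <application android:name=".MainApplication">
    <activity android:name=".MainActivity" android:exported="true" />
    <activity android:name="com.facebook.react.devsupport.DevSettingsActivity" />
  </application>
</manifest>"""

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_RELEASE_MANIFEST
    hits = find_dev_components(data)
    for tag, name, exported in hits:
        print(f"dev-only <{tag}> declared: {name} (android:exported={exported})")
    sys.exit(1 if hits else 0)  # non-zero exit fails a CI step
```

Run it against the release variant's merged manifest in CI so the build fails if a dependency reintroduces the declaration.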

Contributor

This issue has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs within 15 days of this comment.

Contributor

This issue will now be closed because it hasn't had any activity for 15 days after stale. Please feel free to open a new issue if you still have a question/issue or suggestion.
