Unused Functions Exposed - Security Risk

Please provide the following:

  1. SDK Version: 38
  2. Platforms(Android/iOS/web/all): Android

At my company we have recently completed a penetration test of our app to test security. One of the items flagged was that there are a number of functions exposed from expo, which have the potential to crash the app externally. Below is the CLI excerpt that shows all functions exposed.

My question is, how can I stop these functions being exposed? I see in the payments API Reference that payments is configured by default on android.

run app.activity.info -a com.[COMPANY].[APP_NAME]
Package: com.[COMPANY].[APP_NAME]
host.exp.exponent.LauncherActivity
Permission: null
host.exp.exponent.MainActivity
Permission: null
host.exp.exponent.experience.TvActivity
Permission: null
net.openid.appauth.RedirectUriReceiverActivity
Permission: null
expo.modules.payments.stripe.RedirectUriReceiver
Permission: null
abi37_0_0.expo.modules.payments.stripe.RedirectUriReceiver
Permission: null
abi36_0_0.expo.modules.payments.stripe.RedirectUriReceiver
Permission: null
abi35_0_0.expo.modules.payments.stripe.RedirectUriReceiver
Permission: null
abi34_0_0.expo.modules.payments.stripe.RedirectUriReceiver
Permission: null
com.facebook.CustomTabActivity
Permission: null
androidx.biometric.DeviceCredentialHandlerActivity
Permission: null

Crash command

run app.activity.start --component com.britishsugar.ftr abi37_0_0.expo.modules.payments.stripe.RedirectUriReceiver
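
The same listing can be produced from the build side by reading the app's decoded, merged AndroidManifest.xml, which makes it possible to check for exported activities before a release. This is an added example, not part of the original post and not Expo code. The sample manifest is constructed (it reuses two component names from the listing; the package name, attributes and the other activities are invented), and the implicit-export rule assumes the pre-Android 12 default where an intent filter without an explicit flag exports the activity.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: a cut-down decoded manifest. Two component names come
# from the listing above; the package, attributes and other activities are invented.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.app">
  <application>
    <activity android:name="host.exp.exponent.MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
    <activity android:name="expo.modules.payments.stripe.RedirectUriReceiver"
              android:exported="true"/>
    <activity android:name="com.example.app.InternalActivity"
              android:exported="true"
              android:permission="com.example.app.INTERNAL"/>
    <activity android:name="com.example.app.SettingsActivity"
              android:exported="false"/>
  </application>
</manifest>
"""


def exported_activities(manifest_xml):
    """Return [(activity name, required permission or None)] for every
    activity that other apps on the device can start."""
    app = ET.fromstring(manifest_xml).find("application")
    # An application-level permission applies unless the component sets its own.
    app_permission = app.get(ANDROID + "permission")
    found = []
    for node in app.iter():
        if node.tag not in ("activity", "activity-alias"):
            continue
        flag = node.get(ANDROID + "exported")
        if flag is None:
            # No explicit flag: an intent filter makes the activity exported.
            exported = node.find("intent-filter") is not None
        else:
            exported = flag == "true"
        if exported:
            found.append((node.get(ANDROID + "name"),
                          node.get(ANDROID + "permission", app_permission)))
    return found


if __name__ == "__main__":
    for name, permission in exported_activities(SAMPLE_MANIFEST):
        print(f"{name}\n  Permission: {permission}")
```

Entries returned with a permission of `None` correspond to the `Permission: null` lines in the listing above.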
