Your implementation of PreferenceActivity is vulnerable to fragment injection

534 views Asked by At

Here is my java class.

public class MyPrefrences extends PreferenceActivity {

@Override
public void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);

    addPreferencesFromResource(R.xml.preferences);
}

}

in my project i used preferences.xml

<PreferenceScreen
    xmlns:android="http://schemas.android.com/apk/res/android">

<PreferenceCategory
        android:title="@string/steps_settings_title">

    <ListPreference
            android:key="sensitivity"
            android:title="@string/setting"
            android:summary="@string/setting_details"
            android:entries="@array/preference"
            android:entryValues="@array/preference_values"
            android:dialogTitle="@string/setting_title"
            android:defaultValue="30" />

    <ListPreference
            android:key="operation_level"
            android:title="@string/operation_level_setting"
            android:summary="@string/operation_level_setting_details"
            android:entries="@array/operation_level_preference"
            android:entryValues="@array/operation_level_preference_values"
            android:dialogTitle="@string/operation_level_setting_title"
            android:defaultValue="30" />

    <ListPreference
            android:key="units"
            android:title="@string/units_setting"
            android:summary="@string/units_setting_details"
            android:entries="@array/units_preference"
            android:entryValues="@array/units_preference_values"
            android:dialogTitle="@string/units_setting_title"
            android:defaultValue="imperial" />

    <com.example.myapp.preferences.StepLengthPreference
            android:key="length"
            android:title="@string/length_setting"
            android:summary="@string/length_setting_details"
            android:dialogTitle="@string/length_setting_title"
            android:defaultValue="20" />

    <com.example.myapp.preferences.BodyWeightPreference
            android:key="body_weight"
            android:title="@string/weight_setting"
            android:summary="@string/weight_setting_details"
            android:dialogTitle="@string/weight_setting_title"
            android:defaultValue="50" />

    <ListPreference
            android:key="exercise_type"
            android:title="@string/type_setting"
            android:summary="@string/type_setting_details"
            android:entries="@array/type_preference"
            android:entryValues="@array/type_preference_values"
            android:dialogTitle="@string/type_setting_title"
            android:defaultValue="running" />

    <ListPreference
            android:key="maintain"
            android:title="@string/maintain_setting"
            android:summary="@string/maintain_setting_details"
            android:entries="@array/maintain_preference"
            android:entryValues="@array/maintain_preference_values"
            android:dialogTitle="@string/maintain_setting_title"
            android:defaultValue="none" />

</PreferenceCategory>


</PreferenceScreen>

how can i fix this according to new google security policies. Your app(s) have an unsafe implementation where PreferenceActivity classes may be susceptible to Fragment Injection. set exported=false for the affected PreferenceActivity in your Manifest Incorrect implementation of isValidFragment How can they may fixed?

1

There are 1 answers

0
BQ. On BEST ANSWER

This code works perfectly for me:

public class MyPrefrence extends PreferenceActivity {

@Override
public void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);


    getFragmentManager().beginTransaction()
            .replace(android.R.id.content, new MyPreferenceFragment())
            .commit();

}

public static class MyPreferenceFragment extends PreferenceFragment {
    @Override
    public void onCreate(final Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        addPreferencesFromResource(R.xml.preferences);
    }
}

}