All geek questions in one place

Integrate dropbox into my app that shows security alert

I developed one application successfully, I want to save the database in dropbox. So I use the dropbox-android-sdk-1.5.4 example, which works fine for me.

My problem is that I integrate this sdk application application into my application and do the login process at this time, showing one error . Another application on your phone may try to position itself as the application you are currently using. The malicious application cannot access your account. But the link to the delete folder was disabled as a precaution. Please contact support@dropbox.com.

enter image description here

+6
source share
4 answers

Just suppose, but I think this can happen if you try to reuse the application key and secret from the sample application in your own application, instead of creating a new application through https://www.dropbox.com/developers/apps / create and using this key and secret.

+10
source

I know this is an old question, but there is another possibility that just bit me for future users who might run into the same problem:

If during the authentication process you encounter an error message, for example, "Another application on your phone may try to position itself as the application that you are currently using." This means that more than one application is installed on the phone and has callback activity registered for one application key. You can fix this error by deleting one of the intruder applications or by switching to a new application key.

I ran into this problem having different versions (debugging and release) of the same application.

Source Link

+9
source

I just looked at the code for the SDK, and this is because you have 2 applications that handle the same scheme for the callback URL that the Dropbox login page uses.

Therefore, when a user logs into Dropbox using a browser, after a successful login, the browser will open db-123456789://somepath , where 123456789 is the unique identifier of your Dropbox application. If several applications are installed on the device that process the db-123456789 URL scheme, you will receive this warning.

I assume that a malicious application can grab an access token when the browser gives it using the db-123456789 scheme, referring to this scheme, therefore, a warning.

+1
source

I had the same problem when I was switching from different versions of api. I had two instances of AuthActivity in the AndroidManifest.xml file, i.e.

  <activity android:name="com.dropbox.client2.android.AuthActivity" android:configChanges="orientation|keyboard" android:launchMode="singleTask" > <intent-filter> <!-- <data android:scheme="db-c9buqx8hii5bxx8" /> --> <data android:scheme="xxxxxxxxxxx" /> <action android:name="android.intent.action.VIEW" /> <category android:name="android.intent.category.BROWSABLE" /> <category android:name="android.intent.category.DEFAULT" /> </intent-filter> </activity> <activity android:name="com.dropbox.core.android.AuthActivity" android:configChanges="orientation|keyboard" android:launchMode="singleTask"> <intent-filter> <!-- Insert your app key after "db- ..." --> <data android:scheme="db-xxxxxxxxxx" /> <action android:name="android.intent.action.VIEW" /> <category android:name="android.intent.category.BROWSABLE" /> <category android:name="android.intent.category.DEFAULT" /> </intent-filter> </activity>

I found this after some debugging and noticed that the Dropbox library checked the connection check. If dropbox detects more than one action, if it throws a security warning error. I duplicated the same check with the code below and put it in the main launch action. It will print out actions found with the same intent as a clue about what is happening.

 public static void showDropboxActivities(Context context) { Intent testIntent = new Intent(Intent.ACTION_VIEW); String scheme = "db-" + DROPBOX_APP_KEY; String uri = scheme + "://" + com.dropbox.core.android.AuthActivity.AUTH_VERSION + "/connect"; testIntent.setData(Uri.parse(uri)); PackageManager pm = context.getPackageManager(); List<ResolveInfo> activities = pm.queryIntentActivities(testIntent, 0); Log.d("SomeApp", "------------- showDropboxActivities ------------"); for (ResolveInfo activity : activities) { Log.d("SomeApp", "activty = " + activity.toString()); Log.d("SomeApp", "activity.activityInfo = " + activity.activityInfo); Log.d("SomeApp",".............."); } }
0
source

Source: https://habr.com/ru/post/953906/

More articles:


All Articles