
False Positive Issues on Android 34

Open Heckfer opened this issue 2 years ago • 4 comments

We've recently updated our targetSdk from 33 to 34 and all was fine while using mobsfscan version v0.3.4. Once we updated to mobsfscan version v0.3.5 we started having 2 false positives in our CI:

  • android_task_hijacking1
  • android_task_hijacking2

The reason I say it's a false positive is that the problem is saying this only happens on targetSdk < 28 and targetSdk < 29 respectively. Also, if I change my targetSdk version back to 33 the problems go away.

Heckfer avatar Jan 12 '24 14:01 Heckfer

I forgot to mention that this was not fixed on version v0.3.6

Heckfer avatar Jan 12 '24 14:01 Heckfer

Can you share a sample problematic manifest file for troubleshooting this?

ajinabraham avatar Mar 22 '24 19:03 ajinabraham

@ajinabraham We started to have the same issue too. Our TargetSdk is 34

And we just use a normal launch activity with launchMode singleTop: sample manifest:

    <activity
        android:name=".main.MainActivity"
        android:exported="true"
        android:launchMode="singleTop"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.App.Starting"
        android:windowSoftInputMode="adjustResize">
        <intent-filter>
            <action android:name="android.intent.action.MAIN" />

            <category android:name="android.intent.category.LAUNCHER" />
        </intent-filter>
    </activity>

wissa-b avatar Apr 05 '24 09:04 wissa-b

This is still a thing with version 0.3.8

joost-klitsie avatar Apr 17 '24 07:04 joost-klitsie

What is everyone's <uses-sdk> like? Something like this will trigger the rule since the minSdk is <=28:

    <uses-sdk android:minSdkVersion="28" android:targetSdkVersion="34" />

With the following

    <uses-sdk android:minSdkVersion="29" android:targetSdkVersion="34" />

I don't see any android_task_hijacking1 or android_task_hijacking2 findings. If you are still seeing the issue in the latest mobsfscan, please share the full Android manifest file that triggers the issue and I can investigate this.

ajinabraham avatar May 27 '24 19:05 ajinabraham
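
A triage helper for the question raised in the last comment, added here as an example; it is not part of the thread and not mobsfscan's own code. It reads `<uses-sdk>` and each activity's `launchMode` from a manifest so the values can be posted alongside a report. The `threshold=28` default is taken from the maintainer's comment and is an assumption about the rule, and the sample manifests and the `com.example.app` package name are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample: the activity from the thread, trimmed to the relevant attributes.
ACTIVITY = (
    '<activity android:name=".main.MainActivity" android:exported="true" '
    'android:launchMode="singleTop"><intent-filter>'
    '<action android:name="android.intent.action.MAIN" />'
    '<category android:name="android.intent.category.LAUNCHER" />'
    '</intent-filter></activity>'
)

def sample(uses_sdk=""):
    """Wrap an optional <uses-sdk> line in a minimal constructed manifest."""
    return (f'<manifest xmlns:android="{ANDROID_NS}" package="com.example.app">'
            f'{uses_sdk}<application>{ACTIVITY}</application></manifest>')

def attr(elem, name):
    """Read an android:-namespaced attribute; None when absent."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")

def sdk_level(elem, name):
    """Return the attribute as an int, or None if missing or non-numeric."""
    raw = attr(elem, name) if elem is not None else None
    return int(raw) if raw and raw.isdigit() else None

def triage_manifest(manifest_xml, threshold=28):
    """Report the values the maintainer's comment points at.

    threshold=28 comes from that comment ("minSdk is <=28"); it is an
    assumption here, not a value read from mobsfscan's rule source.
    """
    root = ET.fromstring(manifest_xml)
    uses_sdk = root.find("uses-sdk")
    min_sdk = sdk_level(uses_sdk, "minSdkVersion")
    return {
        "uses_sdk_present": uses_sdk is not None,
        "minSdk": min_sdk,
        "targetSdk": sdk_level(uses_sdk, "targetSdkVersion"),
        "min_sdk_at_or_below_threshold": min_sdk is not None and min_sdk <= threshold,
        "launch_modes": {attr(a, "name"): attr(a, "launchMode") for a in root.iter("activity")},
    }

if __name__ == "__main__":
    for line in ('<uses-sdk android:minSdkVersion="28" android:targetSdkVersion="34" />',
                 '<uses-sdk android:minSdkVersion="29" android:targetSdkVersion="34" />',
                 ""):  # no <uses-sdk> element in the manifest at all
        print(triage_manifest(sample(line)))
```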