Facebook React development settings exposed

Facebook React development settings exposed

Risk: hardening

Description

The application exposes the com.facebook.react.devsupport.DevSettingsActivity activity. The DevSettingsActivity Activity exposes developer settings and should not be exposed in release versions of the application.

Recommendation

Disable com.facebook.react.devsupport.DevSettingsActivity in AndroidManifest.xml before deploying your app to the public.

XML

<activity android:name="com.facebook.react.devsupport.DevSettingsActivity"
      android:exported="false"/>

Links

• Facebook SDK Debug Logs

Standards

• OWASP_MASVS_L1:
  • MSTG_ARCH_1
  • MSTG_CODE_4
• OWASP_MASVS_L2:
  • MSTG_ARCH_1
  • MSTG_CODE_4
• PCI_STANDARDS:
  • REQ_2_2
  • REQ_6_2
• OWASP_MASVS_v2_1:
  • MASVS_RESILIENCE_3