Merge branch 'change-launch-mode-from-singletask-to-singleinstance-droid-633'

author: Jonatan Rhodin <jonatan.rhodin@mullvad.net> 2024-01-08 17:42:10 +0100
committer: Jonatan Rhodin <jonatan.rhodin@mullvad.net> 2024-01-08 17:42:10 +0100
commit: e7f11f1609b86d588a094b537af833a7ba5b5929 (patch)
tree: 1927c06df3e3ab83d11dbcfa869889df36d006a2
parent: 63aa10fefc87e0a37bc482cccaaa56b14a2fbc59 (diff)
parent: 631b411c44d0dc02d6d8843b518484396264a315 (diff)
download: mullvadvpn-e7f11f1609b86d588a094b537af833a7ba5b5929.tar.xz
mullvadvpn-e7f11f1609b86d588a094b537af833a7ba5b5929.zip
3 files changed, 10 insertions, 2 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 969ffe3775..f1e5499df3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -46,6 +46,10 @@ Line wrap the file at 100 chars.                                              Th
 #### Android
 - Migrate to Compose Navigation which also improves screen transition animations.
 
+### Security
+#### Android
+- Change from singleTask to singleInstance to fix Task Affinity Vulnerability in Android 8.
+
 
 ## [android/2023.10] - 2023-12-14
 Identical to `android/2023.10-beta1`.
diff --git a/android/app/src/debug/AndroidManifest.xml b/android/app/src/debug/AndroidManifest.xml
index a4433cfca1..4cf2009796 100644
--- a/android/app/src/debug/AndroidManifest.xml
+++ b/android/app/src/debug/AndroidManifest.xml
@@ -16,7 +16,7 @@
                  tools:ignore="GoogleAppIndexingWarning">
         <activity android:name="net.mullvad.mullvadvpn.TestActivity"
                   android:label="@string/app_name"
-                  android:launchMode="singleTask"
+                  android:launchMode="singleInstance"
                   android:configChanges="orientation|screenSize|screenLayout"
                   android:screenOrientation="locked"
                   android:windowSoftInputMode="adjustPan"
diff --git a/android/app/src/main/AndroidManifest.xml b/android/app/src/main/AndroidManifest.xml
index d7fa4b0263..7107705496 100644
--- a/android/app/src/main/AndroidManifest.xml
+++ b/android/app/src/main/AndroidManifest.xml
@@ -29,10 +29,14 @@
         <!--
             MainActivity
             Must be exported in order to be launchable.
+            Launch mode should singleInstance to avoid this vulnerability;
+            https://developer.android.com/privacy-and-security/risks/strandhogg
+            This can be disregarded when the minimum supported version is 28 or higher
+            since after that it has been patched on a OS level.
         -->
         <activity android:name="net.mullvad.mullvadvpn.ui.MainActivity"
                   android:exported="true"
-                  android:launchMode="singleTask"
+                  android:launchMode="singleInstance"
                   android:configChanges="orientation|screenSize|screenLayout"
                   android:screenOrientation="fullUser"
                   android:windowSoftInputMode="adjustResize">
author	Jonatan Rhodin <jonatan.rhodin@mullvad.net>	2024-01-08 17:42:10 +0100
committer	Jonatan Rhodin <jonatan.rhodin@mullvad.net>	2024-01-08 17:42:10 +0100
commit	e7f11f1609b86d588a094b537af833a7ba5b5929 (patch)
tree	1927c06df3e3ab83d11dbcfa869889df36d006a2
parent	63aa10fefc87e0a37bc482cccaaa56b14a2fbc59 (diff)
parent	631b411c44d0dc02d6d8843b518484396264a315 (diff)
download	mullvadvpn-e7f11f1609b86d588a094b537af833a7ba5b5929.tar.xz mullvadvpn-e7f11f1609b86d588a094b537af833a7ba5b5929.zip