WFS - Implicit PendingIntent Vulnerability - Play Console

It looks like WFS needs quick fix for Implicit PendingIntent Vulnerability. It’s also possible that future app releases / updates will not be approved because of this. The error message only started showing today but we have been using WFS 1.0.12 for some time now.

Google Help Centre article:
Remediation for Implicit PendingIntent Vulnerability - Google Help

Yeah, I am also facing the same issue. This is could be a problem for future submission on the Play Store. A quick hotfix is needed…

Are you getting this on your watch or on your companion Android app?

I’ll report this to the WFS Team.

Ron

Hi Ron,
it’s watch app issue - ComplicationHelperActivity.onRequestPermissionResult

  • androidx.wear.watchface.ComplicationHelperActivity.onRequestPermissionsResult

Tomas

Same here.
This issue refers to the Watch Face file.

This is new. I also have it to published watch face and even to approved but unpublished watch face.

Same here.
This error message shows up in Google Play Console under “Production” tab for my most recent watch faces created with WFS 1.0.12, but there is no such error on slightly older watch faces created with older WFS version 1.0.3, that’s interesting.

Google might decide to start suspending apps which don’t fully comply, so this should be fixed as soon as possible.

The strange thing is that this error doesn’t always appear.

For example, I have two watch faces created with the same version of WFS (1.0.12):

  • One watch face has this error and the other has no error.

(same complications and structure)

Same here. Even with the watch faces made with Android Studio.

I have the same message. All watchfaces created with WFS (1.0.12).

You got this messages just with new uploads or also with untouched faces existing already on the market? I just asked because currently i don’t have this issue on any of my faces.

Note: I don’t use the companion app workaround.

:thinking:

androidx.wear.watchface.ComplicationHelperActivity.onRequestPermissionsResult

It has to be something on custom complication permissions implementation so when you use 1.0.12 but not using custom complications like SHORT_TEXT or LONG_TEXT it will not trigger this error.

1 Like

Ah ok … got it. Thx.

A planned update of WFS will be released tomorrow Feb 24th*. The Watch Face Studio team thinks the androidx they used will fix this. Once you rebuild with the newer version let us know if it does not fix this problem so they can prepare a hotfix.

*Please note that the documentation for the update is not finished.

Ron
Samsung Developer Relations

4 Likes

Will be the AOD issue fixed too? :thinking:

I’ve just rebuilt one of my watch faces with the new version of WFS and uploaded it to Google Play. I don’t see that ***PendingIntent error now. I think it solved the problem.
Many thanks to WFS developers for being fast with the issue solution.

AOD issue still remains. :frowning:

Yes because it’s firmware issue :slight_smile:

Yes, the issue for “PendingIntent Vulnerability” is solved by the new watch face studio (version 1.1.9)

Thanks @r.liechty_SDP for quickly pinging this to WFS team. Error is fixed. Other than that, we can now add more than 6 styles, we can now view and drag the arrangement of the images. I wish there will be no new errors that will arise. I hope in the coming WFS updates covers most of the requested fixes and changes. [UPDATE] I saw post from @Peter. Thanks for the list!