From d479e9b2bf3c88508ed61b922e0d742da6b916be Mon Sep 17 00:00:00 2001
From: Stanislav Dmitrenko <7953703+avently@users.noreply.github.com>
Date: Sat, 3 Dec 2022 02:07:21 +0300
Subject: [PATCH] android: Change of launchMode in an activity and different
 behavior of back button (#1480)

* android: Change of launchMode in an activity and different behavior of back button
- Android versions <= 10 are vulnerable to StrandHogg 1. This commit fixes the behavior of the app on affected versions of Android

* simplify condition

Co-authored-by: Evgeny Poberezkin <2769109+epoberezkin@users.noreply.github.com>
---
 apps/android/app/src/main/AndroidManifest.xml         |  4 +++-
 .../src/main/java/chat/simplex/app/MainActivity.kt    | 11 ++++++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/apps/android/app/src/main/AndroidManifest.xml b/apps/android/app/src/main/AndroidManifest.xml
index 9c34cbf7a..8c31ed4e5 100644
--- a/apps/android/app/src/main/AndroidManifest.xml
+++ b/apps/android/app/src/main/AndroidManifest.xml
@@ -102,7 +102,9 @@
 
 
     <activity android:name=".views.call.IncomingCallActivity"
-        android:showOnLockScreen="true"/>
+        android:showOnLockScreen="true"
+        android:exported="false"
+        android:launchMode="singleTask"/>
 
     <provider
         android:name="androidx.core.content.FileProvider"
diff --git a/apps/android/app/src/main/java/chat/simplex/app/MainActivity.kt b/apps/android/app/src/main/java/chat/simplex/app/MainActivity.kt
index 5e953d8c1..0aabca7ee 100644
--- a/apps/android/app/src/main/java/chat/simplex/app/MainActivity.kt
+++ b/apps/android/app/src/main/java/chat/simplex/app/MainActivity.kt
@@ -3,6 +3,7 @@ package chat.simplex.app
 import android.app.Application
 import android.content.Intent
 import android.net.Uri
+import android.os.Build
 import android.os.Bundle
 import android.os.Parcelable
 import android.os.SystemClock.elapsedRealtime
@@ -133,7 +134,15 @@ class MainActivity: FragmentActivity() {
   }
 
   override fun onBackPressed() {
-    super.onBackPressed()
+    if (
+      onBackPressedDispatcher.hasEnabledCallbacks() // Has something to do in a backstack
+      || Build.VERSION.SDK_INT >= Build.VERSION_CODES.R // Android 11 or above
+      || isTaskRoot // there are still other tasks after we reach the main (home) activity
+    ) {
+      // https://medium.com/mobile-app-development-publication/the-risk-of-android-strandhogg-security-issue-and-how-it-can-be-mitigated-80d2ddb4af06
+      super.onBackPressed()
+    }
+
     if (!onBackPressedDispatcher.hasEnabledCallbacks() && vm.chatModel.controller.appPrefs.performLA.get()) {
       // When pressed Back and there is no one wants to process the back event, clear auth state to force re-auth on launch
       clearAuthState()