[Security issue] Leakage of all pushes to third-party apps #648
Description
https://github.com/zo0r/react-native-push-notification/blob/master/android/src/main/java/com/dieam/reactnativepushnotification/modules/RNPushNotificationHelper.java#L311
https://github.com/zo0r/react-native-push-notification/blob/master/android/src/main/java/com/dieam/reactnativepushnotification/modules/RNPushNotificationRegistrationService.java#L36
All your users are vulnerable to this bug. I submitted an email to you a few months ago, but no fix/response was received.
You don't specify a broadcast receiver in the broadcasts above. It means that any app installed on the same device can intercept those broadcasts, so all pushes from the server are leaked to third parties. Use methods like Intent.setPackage() or Intent.setClass() etc. to prevent broadcast interception.
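
Added example, not part of the original issue and not the library's own code: an implicit broadcast next to the two restricted forms the report recommends, plus a check for manifest-declared receivers in other packages. The class name, method names and the action string `com.example.app.PUSH_RECEIVED` are assumptions made for illustration.

```java
import android.content.Context;
import android.content.Intent;
import android.content.pm.ResolveInfo;
import android.os.Bundle;
import java.util.List;

/** Hypothetical helper; all names here are illustrative, not from the library. */
public final class PushBroadcasts {
    // Constructed action name for the example.
    static final String ACTION_PUSH = "com.example.app.PUSH_RECEIVED";

    private PushBroadcasts() {}

    /** Implicit broadcast: any app with a receiver registered for ACTION_PUSH gets the extras. */
    static void sendImplicit(Context context, Bundle pushPayload) {
        Intent intent = new Intent(ACTION_PUSH);
        intent.putExtras(pushPayload);
        context.sendBroadcast(intent);
    }

    /** Restricted by package: only receivers inside this app's own package are eligible. */
    static void sendToOwnPackage(Context context, Bundle pushPayload) {
        Intent intent = new Intent(ACTION_PUSH);
        intent.setPackage(context.getPackageName());
        intent.putExtras(pushPayload);
        context.sendBroadcast(intent);
    }

    /** Explicit component: delivered to exactly one receiver class of this app. */
    static void sendToReceiver(Context context, Class<?> receiver, Bundle pushPayload) {
        Intent intent = new Intent(ACTION_PUSH);
        intent.setClass(context, receiver);
        intent.putExtras(pushPayload);
        context.sendBroadcast(intent);
    }

    /**
     * Audit check: true if a manifest-declared receiver outside this package matches the intent.
     * Receivers registered at runtime are not listed, and package visibility rules on newer
     * Android versions can hide other apps, so a false result is not proof of safety.
     */
    static boolean hasForeignReceiver(Context context, Intent intent) {
        List<ResolveInfo> matches = context.getPackageManager().queryBroadcastReceivers(intent, 0);
        for (ResolveInfo info : matches) {
            if (!context.getPackageName().equals(info.activityInfo.packageName)) {
                return true;
            }
        }
        return false;
    }
}
```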