Description
Use case
Hi Team, in one of the security assessment tools we are facing an issue related to the broadcast receiver method registerReceiver. Please check the logs for this.
Below is the package: packages/camera/camera_android/android/src/main/java/io/flutter/plugins/camera/features/sensororientation/DeviceOrientationManager.java
  "type": "java",
  "context": {
    "flags": [],
    "source": {
      "line": 82,
      "name": "io/flutter/plugins/camera/features/sensororientation/DeviceOrientationManager.java"
    },
    "signature": "Landroid/app/Activity;,registerReceiver,(Landroid/content/BroadcastReceiver;Landroid/content/IntentFilter;)Landroid/content/Intent;",
    "class_name": "android.app.Activity",
    "method_name": "registerReceiver"
  }
}
Proposal
Ensure Receivers Are Not Exported:
For Apps Targeting Android 13 or Higher: When registering a receiver, set Context.RECEIVER_NOT_EXPORTED to ensure it is not accessible by external apps.
registerReceiver(receiver, intentFilter, null, handler, Context.RECEIVER_NOT_EXPORTED)
For Apps Targeting Android 12 or Lower: Use ContextCompat.RECEIVER_NOT_EXPORTED in the int flags of ContextCompat.registerReceiver(Context, BroadcastReceiver, IntentFilter, int) or ContextCompat.registerReceiver(Context, BroadcastReceiver, IntentFilter, String, Handler, int).
ContextCompat.registerReceiver(context, receiver, intentFilter, null, handler, ContextCompat.RECEIVER_NOT_EXPORTED)
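A source-level check for the pattern the assessment tool reported, written as an added example (not code from this issue or from the Flutter project): it lists registerReceiver calls that pass neither RECEIVER_NOT_EXPORTED nor RECEIVER_EXPORTED. The sample Java, the class name OrientationWatcher and the action string are constructed for illustration.

```python
import re

# Constructed sample source (not the plugin's real code): one two-argument
# registration like the flagged signature, and one hardened registration.
SAMPLE_JAVA = '''
class OrientationWatcher {
  void start(Activity activity, BroadcastReceiver receiver, Handler handler) {
    IntentFilter filter = new IntentFilter("com.example.ACTION_DEMO");
    activity.registerReceiver(receiver, filter);
    ContextCompat.registerReceiver(
        activity, receiver, filter, null, handler,
        ContextCompat.RECEIVER_NOT_EXPORTED);
  }
}
'''

CALL = re.compile(r"\bregisterReceiver\s*\(")
EXPORT_FLAG = re.compile(r"\bRECEIVER_(NOT_)?EXPORTED\b")


def call_arguments(source, open_paren):
    """Return the top-level arguments of the call whose '(' is at open_paren."""
    args, depth, start = [], 0, open_paren + 1
    for i in range(open_paren, len(source)):
        ch = source[i]
        if ch in "([{":
            depth += 1
        elif ch in ")]}":
            depth -= 1
            if depth == 0:
                args.append(source[start:i].strip())
                return [a for a in args if a]
        elif ch == "," and depth == 1:
            args.append(source[start:i].strip())
            start = i + 1
    return None  # unbalanced parentheses: the call text is truncated


def find_unflagged_registrations(source):
    """List (line, args) for registerReceiver calls with no export flag."""
    findings = []
    for m in CALL.finditer(source):
        args = call_arguments(source, m.end() - 1)
        if args is None:
            continue
        if not any(EXPORT_FLAG.search(a) for a in args):
            line = source.count("\n", 0, m.start()) + 1
            findings.append((line, args))
    return findings
```

This is a textual heuristic: a flag passed through a variable, or parentheses inside string literals, are not handled, so treat each hit as a candidate for manual review.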