...

Declaring android:exported="false" on an activity tag in the AndroidManifest.xml file restricts the activity to accepting intents only from within the same app or from an app with the same user ID.

Compliant Solution (Twicca)

This vulnerability was fixed in Twicca v0.9.31. Instead of declaring the activity exported="false" in AndroidManifest.xml, Twicca fixed the vulnerability by validating the caller of the activity. Code added to the onCreate() method of the activity class checks whether the caller's package name matches the app's own package name. If the package names differ, the activity exits:

...
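The following sketch illustrates the caller check described above. It is an added example, not Twicca's code or code from the original page; the package name, the class name `UploadActivity` and the `target` field are hypothetical.

```java
package com.example.app; // hypothetical package name

import android.app.Activity;
import android.content.ComponentName;
import android.net.Uri;
import android.os.Bundle;

// Hypothetical activity; names are illustrative, not taken from Twicca.
public class UploadActivity extends Activity {

    private Uri target;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);

        // getCallingActivity() returns null unless the caller started this
        // activity with startActivityForResult(), so an unidentifiable
        // caller is rejected along with a foreign one.
        ComponentName caller = getCallingActivity();
        if (caller == null
                || !getPackageName().equals(caller.getPackageName())) {
            finish();
            return; // never read the intent's data for a rejected caller
        }

        // Caller is in the same package: the intent data may now be used.
        target = getIntent().getData();
        if (target == null) {
            finish();
            return;
        }
        // ... continue with the work reserved for same-package callers
    }
}
```

Because the caller is only reported for activities started with startActivityForResult(), the app's own components must launch this activity that way or they will be rejected as well.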