So I just tried to update a long-standing Unity built game on the Play Store but received a rejection mail back from Google as follows :

Intent Redirection - Your app(s) are vulnerable to Intent Redirection.

They offer a link with 3 separate remedies

TBH, The only option I understand here is no.1 (change androidexported to false on the manifest) but looking at this it seems that Google Play services need this in order to sign in.

I have included what I believe to be the offending lines of code from the manifest below.

Also, the mail from Google said I should find more information in 'alerts' in the developer console but there are no messages there.

I am not especially technical so any help greatly appreciated.

 <service
                android:name="com.google.android.gms.auth.api.signin.RevocationBoundService"
                android:exported="true"
                android:permission="com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION" />