Information from Rakuten Group, Inc.
Vulnerability ID:JVN#56648919
Title:"Rakuten Ichiba App" fails to restrict custom URL schemes properly
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
Fixed versions of “Rakuten Ichiba App” are now available on Google Play Store and App Store.
Regarding the vulnerability, no attacks or exploitation has been confirmed or reported as far as we know.
Android - Google Play Store
#vulnerable version : v12.4.0 and earlier
https://play.google.com/store/apps/details?id=jp.co.rakuten.android&hl=en
iOS - App Store
#vulnerable version : v11.7.0 and earlier
https://apps.apple.com/jp/app/楽天市場-お買い物で楽天ポイントが貯まる便利な通販アプリ/id419267350