mobsf false positive

[critt]

During PR checks, mobsf is flagging the following issue and checks are therefore failing:

 "android_task_hijacking1": {
      "files": [
        {
          "file_path": "/home/runner/work/Interp-Android/Interp-Android/app/src/main/AndroidManifest.xml",
          "match_lines": [
            1,
            1
          ],
          "match_position": [
            1,
            1
          ],
          "match_string": "launchMode=singleTask and targetSdk<28"
        }
      ],
      "metadata": {
        "cwe": "cwe-1021",
        "description": "The Activity should not be having the launch mode attribute set to \"singleTask\". It is then possible for other applications to place a malicious activity on top of the activity stack resulting in Task Hijacking/StrandHogg 1.0 vulnerability. This makes the application an easy target for phishing attacks. The vulnerability can be remediated by setting the launch mode attribute to \"singleInstance\" or by setting an empty taskAffinity (taskAffinity=\"\") attribute. You can also update the target SDK version (26) of the app to 28 or higher to fix this issue at platform level.",
        "masvs": "platform-1",
        "owasp-mobile": "m1",
        "reference": "https://github.com/OWASP/owasp-mastg/blob/master/Document/0x05a-Platform-Overview.md",
        "severity": "ERROR"
      }

This is a false positive, as targetSdk is 35 in our case. Unclear when there will a resolution by the maintainers. If it isn't just a bug, I suspect they are only inspecting manifests and not gradle files.

Either get involved and help sort this out or figure out how to ignore the rule.

[critt]

addressed in #12