[Venmo Android] Remote theft of user session
Medium
PayPal
Team Summary
Official summary from PayPal
A URL activity in the Venmo application used the built-in android.net.Uri parser, which has a known logic problem with certain characters. If an external URL were passed from a website or other app on the device to the application activity, the app would open the URL without properly validating the destination. This could expose some session data to a third party.
Reported by: bagipro
Report Details
State: Closed
Substate: Resolved
Weakness: Open Redirect
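The summary above describes an activity that opened an externally supplied URL without properly validating its destination. The following is an added example, not PayPal's fix and not code from the report, of a strict destination check for such an activity. The class name, the host allowlist and the choice of java.net.URI as the parser are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import java.util.regex.Pattern;

public final class DeepLinkValidator {
    // Hypothetical allowlist; the report does not name the app's real hosts.
    private static final Set<String> ALLOWED_HOSTS =
            new HashSet<>(Arrays.asList("example.com", "www.example.com"));

    // Only characters RFC 3986 permits in a URI; anything else is refused before parsing.
    private static final Pattern URI_CHARS =
            Pattern.compile("[A-Za-z0-9\\-._~:/?#\\[\\]@!$&'()*+,;=%]+");

    /** Returns the parsed URI if it is safe to open, or null if it must be rejected. */
    public static URI validate(String raw) {
        if (raw == null || !URI_CHARS.matcher(raw).matches()) return null;
        final URI uri;
        try {
            // Strict parse; parseServerAuthority() throws unless the authority
            // is a well-formed [userinfo@]host[:port].
            uri = new URI(raw).parseServerAuthority();
        } catch (URISyntaxException e) {
            return null;
        }
        if (!"https".equalsIgnoreCase(uri.getScheme())) return null;
        if (uri.getRawUserInfo() != null) return null;   // no userinfo before '@'
        String host = uri.getHost();
        if (host == null) return null;
        // Exact match only: suffix or substring checks accept look-alike hosts.
        return ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT)) ? uri : null;
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the report.
        String[] samples = {
            "https://example.com/pay?id=1",
            "http://example.com/pay",
            "https://user@example.com/pay",
            "https://example.com.other.test/pay",
            "https://example.com/pay id",
        };
        for (String s : samples) {
            System.out.println((validate(s) != null ? "open   " : "reject ") + s);
        }
    }
}
```

The caller should load the string form of the returned URI rather than re-parsing the raw input with a second parser, so the host that was checked is the host that is opened.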