With the planned upgrade of the application, we received the following letter:
Security alert

Your application has an unsafe implementation of the WebViewClient.onReceivedSslError handler. Specifically, the implementation ignores all SSL certificate validation errors, making your app vulnerable to man-in-the-middle attacks. An attacker could change the affected WebView's content, read transmitted data (such as login credentials), and execute code inside the app using JavaScript.

To properly handle SSL certificate validation, change your code to invoke SslErrorHandler.proceed() whenever the certificate presented by the server meets your expectations, and invoke SslErrorHandler.cancel() otherwise. An email alert containing the affected app(s) and class(es) has been sent to your developer account address.

Please address this vulnerability as soon as possible and increment the version number of the upgraded APK. For more information about the SSL error handler, please see our documentation in the Developer Help Center. For other technical questions, you can post to https://www.stackoverflow.com/questions and use the tags “android-security” and “SslErrorHandler.” If you are using a 3rd party library that’s responsible for this, please notify the 3rd party and work with them to address the issue.

To confirm that you've upgraded correctly, upload the updated version to the Developer Console and check back after five hours. If the app hasn't been correctly upgraded, we will display a warning.

Please note, while these specific issues may not affect every app that uses WebView SSL, it's best to stay up to date on all security patches. Apps with vulnerabilities that expose users to risk of compromise may be considered dangerous products in violation of the Content Policy and section 4.4 of the Developer Distribution Agreement. Please ensure all apps published are compliant with the Developer Distribution Agreement and Content Policy. If you have questions or concerns, please contact our support team through the Google Play Developer Help Center.

Affects APK version 20.
What should we do, and how do we fix the problem?
How can we verify that the problem is solved: by publishing again? Will our application be blocked in the meantime?
Original issue reported on code.google.com by moskale...@woxapp.com on 14 Feb 2016 at 6:16