Closed AnthonyWu-kkstream closed 2 months ago
Hello,
AcceptAllCertificates class is not in use and you can create your own class with a valid certificate. Are you sure that Google blocks apps if the class is not in use? I can remove that class if it is necessary.
Hi @pedroSG94, Yes, please remove the class. Thanks for your help.
Removed: https://github.com/pedroSG94/RootEncoder/commit/51a34fb7a2a5bdf15aceec76ece2f16e22dbc187
I have another issue in flight, so I can't create a release for now (it could take a few days). I can do a gradle compilation of that commit if it is necessary as a temporary solution.
Hi @pedroSG94, Sure, that sounds great and would help me. Could you publish a snapshot version from this commit?
This is the gradle:
implementation 'com.github.pedroSG94.RootEncoder:library:51a34fb7a2'
Hi @pedroSG94, Thank you. I got it.
This change was added to version 2.5.0. You can update the library version to that version. Closing issue as resolved.
The AcceptAllCertificates class defines empty checkServerTrusted() and checkClientTrusted() methods, thereby disabling SSL validation and accepting any SSL certificate as valid if the class is used when connecting to a server over SSL/TLS.
Regardless of whether the affected classes are actually used at runtime, Google Play is blocking any app that defines such an insecure X509TrustManager, as detailed on Google's support page:
"Beginning May 17, 2016, Google Play will block the publishing of any new apps or updates containing an unsafe implementation of the X509TrustManager interface."
reference
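The pattern the issue describes, next to a validating replacement, as an added example (not RootEncoder's code; the class and method names `TrustManagers`, `UnsafeTrustManager`, `validating` and `rejectsEmptyChain` are hypothetical). It assumes the app either ships its server's CA certificate as a stream or relies on the platform trust store.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TrustManagers {
    // UNSAFE pattern described in the issue (reconstruction, hypothetical name):
    // the empty check methods never throw, so every certificate chain is accepted.
    static final class UnsafeTrustManager implements X509TrustManager {
        @Override public void checkClientTrusted(X509Certificate[] chain, String authType) {}
        @Override public void checkServerTrusted(X509Certificate[] chain, String authType) {}
        @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    }

    // Validating manager: trusts only the CA certificate supplied by the app (PEM or DER).
    // Pass null to use the platform's default trust store instead.
    static X509TrustManager validating(InputStream caCert) throws Exception {
        KeyStore ks = null;
        if (caCert != null) {
            ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(null, null); // start from an empty in-memory store
            ks.setCertificateEntry("ca",
                CertificateFactory.getInstance("X.509").generateCertificate(caCert));
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks); // a null KeyStore selects the platform default CAs
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    // Smoke test: does the manager refuse a chain that contains no certificate at all?
    static boolean rejectsEmptyChain(X509TrustManager tm) {
        try {
            tm.checkServerTrusted(new X509Certificate[0], "RSA");
            return false; // returned normally: nothing was validated
        } catch (CertificateException | IllegalArgumentException e) {
            return true;
        }
    }
    public static void main(String[] args) throws Exception {
        System.out.println("unsafe:  " + rejectsEmptyChain(new UnsafeTrustManager()));
        System.out.println("default: " + rejectsEmptyChain(validating(null)));
    }
}
```

The manager returned by `validating(...)` is what gets passed to `SSLContext.init(null, new TrustManager[]{tm}, null)` in place of the accept-all class.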