Data Theorem scans identified the use of a custom X509TrustManager that does not validate SSL certificates.
Google Play will block publishing of any new apps or updates containing the unsafe implementation of the interface X509TrustManager.
The following Java classes defined within the plugin define a custom X509TrustManager that does not validate SSL certificates:
com.adobe.phonegap.contentsync.Sync$
The affected classes define an empty checkServerTrusted() method, thereby disabling SSL validation and hence accepting any SSL certificate as valid, if the class is used when connecting to a server over SSL/TLS.
To avoid rejection from Google Play and prevent security issues with an App's SSL/TLS connections, remove any custom X509TrustManager defined in the vulnerable classes.
If SSL validation must be customized, ensure that any custom X509TrustManager raises a CertificateException whenever an SSL certificate does not meet the App’s requirements.
Note: Regardless of whether the affected classes are actually used at runtime or not, Google Play is blocking any App that defines such an insecure X509TrustManager, as detailed on Google's support page.
See: https://support.google.com/faqs/answer/6346016
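
The pattern described above next to a customized validator that does raise a CertificateException, as an added example (not code from the plugin or from Data Theorem). The class names and the pinned key hash are hypothetical; the second class assumes the App's extra requirement is a pinned server public key.

```java
import java.security.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class TrustManagerExample {
    // Flagged pattern: checkServerTrusted() is empty and never throws, so any chain passes.
    static class TrustAllManager implements X509TrustManager {
        public void checkClientTrusted(X509Certificate[] chain, String authType) { }
        public void checkServerTrusted(X509Certificate[] chain, String authType) { }
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    }

    // Customized validation: platform chain check first, then the App's own requirement.
    static class PinnedTrustManager implements X509TrustManager {
        private final X509TrustManager platform;
        private final byte[] pinnedKeySha256; // hypothetical: SHA-256 of the expected public key

        PinnedTrustManager(byte[] pinnedKeySha256) throws GeneralSecurityException {
            TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init((KeyStore) null); // null selects the default system trust store
            X509TrustManager found = null;
            for (TrustManager tm : tmf.getTrustManagers()) {
                if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
            }
            if (found == null) throw new KeyStoreException("no default X509TrustManager");
            this.platform = found;
            this.pinnedKeySha256 = pinnedKeySha256.clone();
        }

        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            platform.checkClientTrusted(chain, authType);
        }

        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            platform.checkServerTrusted(chain, authType); // throws on an untrusted chain
            try {
                byte[] actual = MessageDigest.getInstance("SHA-256")
                        .digest(chain[0].getPublicKey().getEncoded());
                if (!MessageDigest.isEqual(actual, pinnedKeySha256)) {
                    throw new CertificateException("server key does not match the pinned key");
                }
            } catch (NoSuchAlgorithmException e) {
                throw new CertificateException(e);
            }
        }

        public X509Certificate[] getAcceptedIssuers() { return platform.getAcceptedIssuers(); }
    }
}
```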