twilio / video-quickstart-android

Twilio Video Quickstart for Android
MIT License

** Please Note: Google Play Store Submission Warnings ** #731

Closed afalls-twilio closed 1 year ago

afalls-twilio commented 1 year ago

Google has identified security issues found within WebRTC, including version M88 used by Twilio Programmable Video. As a result, some customers have reported their submissions have been 'flagged' by Google. Your application will continue to be approved by the Play Store; however, you may receive the related warning. We are currently working on addressing the issue and are upgrading WebRTC. We will update this thread as we have more information to share.

kalipersyn commented 1 year ago

@afalls-twilio any updates on this?

BobSmith43 commented 1 year ago

@afalls-twilio please update on this with some ETA

AcHsu104 commented 1 year ago

@afalls-twilio is there any update on this issue?

afalls-twilio commented 1 year ago

@kalipersyn @maven08 @AcHsu104 We are in the process of upgrading our internal versions of WebRTC and making/porting over the necessary modifications (we use a modified version of webrtc), we are targeting end of first quarter 2023...

FYI: I believe the biggest security holes that were fixed are related to the data channel.

AdeelTanveerM commented 1 year ago

Hi all. When I am trying to publish my app on the Google Play Store, I am getting this error after their review: "Your app uses a bad version of WebRTC, which contains security vulnerabilities"

Can you please tell me how to get rid of this? iOS has been published, no issue there.

AkbarovZohidjon commented 1 year ago

I also had the same issue when I wanted to publish. Is there any solution for that?

AdeelTanveerM commented 1 year ago

I also had the same issue when I wanted to publish. Is there any solution for that?

@AkbarovZohidjon You will get a message in the inbox of your Google Play account after some time saying "Your app is ready to be published" (something like that), then you can publish the same one with this error. Maybe just wait for that message and try rolling out the existing version again.

JaredBanyard commented 1 year ago

Any update on this?

parthm73 commented 1 year ago

I also faced this issue. Any update on this?

harleenchauhan commented 1 year ago

Hello @afalls-twilio, hope you are fine.

Please help me with this issue.

Error 1

MESSAGE FOR VERSION CODE 27

Vulnerable WebRTC Versions

Your app uses a bad version of WebRTC, which contains security vulnerabilities.

deive commented 1 year ago

Please note that Google no longer allows publishing to live with this vulnerability. We can no longer publish updates while this is outstanding.

fabiendem commented 1 year ago

Please note that Google no longer allows publishing to live with this vulnerability.

Can you share some source @deive please? Or a screenshot?

deive commented 1 year ago

@fabiendem Looks like I posted a bit too early - the update has now been approved. It just took a lot longer than expected. Phew!

AndersonVanzo commented 1 year ago

any update?

JaredBanyard commented 1 year ago

Twilio support just says they are working on it. Pretty crazy given this is what they do. Why didn't their internal tooling flag this sooner? Why is it taking so long to update? Have they forked webrtc or something?

On Tue, Feb 28, 2023, 9:00 AM Anderson R. Vanzo @.***> wrote:

any update?

fabiendem commented 1 year ago

[...] We are in the process of upgrading our internal versions of WebRTC and making/porting over the necessary modifications (we use a modified version of webrtc), we are targeting end of first quarter 2023...

FYI: I believe the biggest security holes that were fixed are related to the data channel.

@afalls-twilio is there any way you could give us a status of the project please?

spalmertwilio commented 1 year ago

Hi Everyone. First, thank you for your patience as this issue has been open for a while. Second, upgrading WebRTC is a lengthy process, and the team is diligently working to ensure we do not introduce any bugs, while simultaneously working on other issues. We will post here, and in our normal changelogs, when we have further updates. Rest assured, this issue is in our “currently being worked on” top issue list.

afalls-twilio commented 1 year ago

Good news all! We are in the final stages of releasing Twilio Video SDK with an upgraded WebRTC version (m105). This should address all the play-store submission issues. Will keep you all posted.

afalls-twilio commented 1 year ago

Twilio Video 7.6.1 has been released. This included an upgrade of WebRTC which should resolve this issue... get more info about the release here... https://www.twilio.com/docs/video/changelog-twilio-video-android-v7

deive commented 1 year ago

Just released an update, with no security warning. Good job, thanks very much!