[Important] Unsafe implementation of X509TrustManager

Discussion in 'Web Module Discussion' started by Bahaa, Feb 18, 2016.

  1. Bahaa

    Bahaa, New Member (Joined: Feb 3, 2015; Messages: 13; Likes Received: 2)

    Today I received a warning email from Google. It says the following:

    "Hello Google Play Developer,
    Your app(s) listed at the end of this email use an unsafe implementation of the interface X509TrustManager. Specifically, the implementation ignores all SSL certificate validation errors when establishing an HTTPS connection to a remote host, thereby making your app vulnerable to man-in-the-middle attacks. An attacker could read transmitted data (such as login credentials) and even change the data transmitted on the HTTPS connection. If you have more than 20 affected apps in your account, please check the Developer Console for a full list.

    To properly handle SSL certificate validation, change your code in the checkServerTrusted method of your custom X509TrustManager interface to raise either CertificateException or IllegalArgumentException whenever the certificate presented by the server does not meet your expectations. For technical questions, you can post to Stack Overflow and use the tags “android-security” and “TrustManager.”

    Please address this issue as soon as possible and increment the version number of the upgraded APK. Beginning May 17, 2016, Google Play will block publishing of any new apps or updates containing the unsafe implementation of the interface X509TrustManager.

    To confirm you’ve made the correct changes, submit the updated version of your app to the Developer Console and check back after five hours. If the app hasn’t been correctly upgraded, we will display a warning."

    Please note that this is a different message (other than the WebViewClient.onReceivedSslError handler error).
    As the email mentions, apps will be blocked starting May 17.

    Regards
    Bahaa
     
    #1
    apps.innovators likes this.
  2. sami al

    sami al, New Member (Joined: Feb 24, 2016; Messages: 2; Likes Received: 0)

    Me too.
    You must delete the application before you disable Google to our account.
    But I do not know how to delete the application from Google. Do you have knowledge of a way to delete the application?
     
    #2
  3. joseph raphael

    joseph raphael, Well-Known Member (Joined: Feb 3, 2015; Messages: 776; Likes Received: 312)

    This has been fixed
     
    #3
