MoPub Security Vulnerability

Discussion in 'General Discussion' started by Gamenology Media, Mar 31, 2016.

  1. Gamenology Media

    Gamenology Media New Member

    Joined:
    May 8, 2015
    Messages:
    15
    Likes Received:
    0
    Security alert

    Your app is using a version of MoPub containing a security vulnerability. Please see this Google Help Centre articlefor details, including the deadline for fixing the vulnerability.

    This information is intended for developers of apps that utilize any version of MoPub, an ad platform, that precedes 4.4.0. These versions contain a security vulnerability.

    Please migrate your app(s) to MoPub v4.4.0 or higher as soon as possible and increment the version number of the upgraded APK. Beginning July 11, 2016, Google Play will block publishing of any new apps or updates that use older versions of MoPub.

    The vulnerability was addressed in MoPub 4.4.0. The latest versions of the MoPub SDK can be downloaded here. To confirm the version number if you're building using the Jcenter AAR, you can check your Gradle config and make sure it points to 4.4.0. To confirm the version number if you're building directly from source or not using Gradle, you can check com.mopub.common.MoPub.java for SDK_VERSION.

    If you need more information, you can contact MoPub support by emailing support@mopub.com. If you’re using a 3rd party library that bundles MoPub, you’ll need to upgrade it to a version that bundles MoPub 4.4.0 or higher.

    To confirm you’ve upgraded correctly, submit the updated version to the Developer Console and check back after five hours. If the app hasn’t been correctly upgraded, we will display a warning.

    The vulnerability is due to unsanitized default WebView settings. An attacker may exploit this vulnerability by serving a malicious JavaScript code in an advertising creative, making it possible to infer the existences of privacy-sensitive local resources on the devices. For Android devices with the prior versions of API 16, the attacker can even access local resources. For other technical questions, you can post to Stack Overflow and use the tags “android-security” and “MoPub.”

    While these specific issues may not affect every app that uses MoPub, it’s best to stay up to date on all security patches. Apps with vulnerabilities that expose users to risk of compromise may be considered in violation of our Malicious Behavior policy and section 4.4 of the Developer Distribution Agreement.

    Apps must also comply with the Developer Distribution Agreement and Developer Program Policies. If you feel we have sent this warning in error, contact our policy support team through the Google Play Developer Help Center.
     
    #1
  2. max-de-bons-plans

    Joined:
    Feb 19, 2015
    Messages:
    33
    Likes Received:
    5
    Got the same for my three apps even if I did not enable any mopub account ... thanks appyet for solving this asap
     
    #2
  3. kailor

    kailor Member

    Joined:
    Feb 28, 2015
    Messages:
    33
    Likes Received:
    6
    Me too. It shows me that i have 3 affected apps as it shows.

    Will be an update soon or i will have problems with my google developer account?
     
    #3
  4. Daniil Gentili

    Daniil Gentili New Member

    Joined:
    Mar 31, 2016
    Messages:
    1
    Likes Received:
    0
    Got the same problem too.
    When will the Mopub sdk updated?
     
    #4
  5. Robert

    Robert New Member

    Joined:
    Feb 20, 2015
    Messages:
    18
    Likes Received:
    2
    Me too, deadline is July 11th 2016.
     
    #5
  6. appyet

    appyet Support Team Member
    Staff Member

    Joined:
    Feb 2, 2015
    Messages:
    1,281
    Likes Received:
    440
    We are working on fix, will release a fix for this issue as soon as we could
     
    #6
    5ALDOUN, Abraham1205, Robert and 2 others like this.
  7. Zac F.

    Zac F. Member

    Joined:
    Feb 11, 2015
    Messages:
    31
    Likes Received:
    5
    Thanks @appyet

    To all: Don't worry about your Google Developer account. The email you received today was just letting you know about the vulnerability. You are not at risk of having your account deactivated or anything like that. You just wouldn't be able to update your app after July 11th if it still contains the vulnerability. I am sure AppYet will have updated it before then.
     
    #7
  8. DarShaN PanDya

    DarShaN PanDya Active Member

    Joined:
    Dec 11, 2015
    Messages:
    580
    Likes Received:
    104
    YeSs...
    there will be a FiX soOn :)
     
    #8
  9. 5ALDOUN

    5ALDOUN New Member

    Joined:
    Feb 25, 2016
    Messages:
    3
    Likes Received:
    0
    Got the same problem too.
     
    #9
  10. alzzel7

    alzzel7 New Member

    Joined:
    Apr 5, 2016
    Messages:
    3
    Likes Received:
    0
    Got the same problem too.
    Waiting for the solution
     
    #10
  11. max-de-bons-plans

    Joined:
    Feb 19, 2015
    Messages:
    33
    Likes Received:
    5
    looks like our apk contains mobup stuff even if it is not activated. could be nice if it is not by default overloading apk (1/ no risk for such bp 2/ apk less "heavy")
     
    #11
  12. mokina

    mokina New Member

    Joined:
    Apr 9, 2016
    Messages:
    2
    Likes Received:
    0
    #12
  13. mokina

    mokina New Member

    Joined:
    Apr 9, 2016
    Messages:
    2
    Likes Received:
    0
    #13
  14. DarShaN PanDya

    DarShaN PanDya Active Member

    Joined:
    Dec 11, 2015
    Messages:
    580
    Likes Received:
    104
    @mokina
    Don't post your App'S link in any Place!
    Post it in the ShowCase section! :mad:
     
    #14
  15. Dante Campbell

    Joined:
    Feb 4, 2015
    Messages:
    32
    Likes Received:
    2
    #15
  16. Kuntal

    Kuntal New Member

    Joined:
    Apr 11, 2016
    Messages:
    2
    Likes Received:
    0
    I am having the same problem.when will be this problem solved?
     
    #16
  17. DarShaN PanDya

    DarShaN PanDya Active Member

    Joined:
    Dec 11, 2015
    Messages:
    580
    Likes Received:
    104
    #17
  18. Kuntal

    Kuntal New Member

    Joined:
    Apr 11, 2016
    Messages:
    2
    Likes Received:
    0
    How do i get the fix
     
    #18
  19. DarShaN PanDya

    DarShaN PanDya Active Member

    Joined:
    Dec 11, 2015
    Messages:
    580
    Likes Received:
    104
    @Kuntal
    Go to BUILD TAB and Rebuild your App! :)
     
    #19
  20. Äkwav

    Äkwav New Member

    Joined:
    Feb 7, 2016
    Messages:
    28
    Likes Received:
    3
    yay its fixed :)
     
    #20

Share This Page