Google Play Store submission issues (libpng)

I am currently having an issue with Google and the libpng library. I have
updated the Corona SDK to build 2016.3002, but my app is still being rejected
by Google due to libpng. I have searched the entire project, including all
lib files, and found that only the Corona files contain references to libpng.

I know that the libpng issue was supposed to have been fixed with version 2016.2906, but I can’t find any other files in my project that reference libpng. 

Any help with this would be appreciated.

Thanks.

First it’s really helpful when you don’t black out things in screen shots like that. Secondly can you produce a screen shot of the error and let us know where in the submission process that it’s happening?

Are you using any plugins?

Thanks

Rob

Sorry, the blacked out parts of the screenshot are project names and personal/company information. As this forum is public, to protect the privacy of my company and our clients, I chose to block out those values. All pertinent information is in the screenshot.

The error we received from Google was as follows:

Hello Google Play Developer,

We rejected <appname>, with package name <packagename>, for violating our Malicious Behavior or User Data policy. If you submitted an update, the previous version of your app is still available on Google Play.

This app uses software that contains security vulnerabilities for users or allows the collection of user data without proper disclosure.

Below is the list of issues and the corresponding APK versions that were detected in your recent submission. Please upgrade your app(s) as soon as possible and increment the version number of the upgraded APK.

Vulnerability** APK Version(s) **Libpng library

The vulnerabilities were fixed in libpng v1.0.66, v.1.2.56, v.1.4.19, v1.5.26 or higher. You can find more information about how resolve the issue in this Google Help Center article.

14

Other libraries that are compiled with the project from the libs directory are:

• Flurry Analytics
• Crashlytics
• KochavaSDK
• Android Touch Gallery

Libraries that are included as dependencies at build-time are:

• Android Annotations
• Android Maps Utils
• Jackson Mapper
• Google Play Services
• HockeySDK
• Parse Android

I have gone through all of the libraries that included in the project that are open source and searched for references of libpng and was unable to find any other than in the files provided by Corona.

I’ve asked Engineering about it.

Rob

We are linking against 1.2.56.

Are any of your libraries and plugins NDK built .so plugins?

Rob

I found the culprit to be the libruntimecore_java.so file. This was a leftover from a previous developer and was assumed to be a compiled library with the Corona SDK. Thank you for looking into this for me.

First it’s really helpful when you don’t black out things in screen shots like that. Secondly can you produce a screen shot of the error and let us know where in the submission process that it’s happening?

Are you using any plugins?

Thanks

Rob

Sorry, the blacked out parts of the screenshot are project names and personal/company information. As this forum is public, to protect the privacy of my company and our clients, I chose to block out those values. All pertinent information is in the screenshot.

The error we received from Google was as follows:

Hello Google Play Developer,

We rejected <appname>, with package name <packagename>, for violating our Malicious Behavior or User Data policy. If you submitted an update, the previous version of your app is still available on Google Play.

This app uses software that contains security vulnerabilities for users or allows the collection of user data without proper disclosure.

Below is the list of issues and the corresponding APK versions that were detected in your recent submission. Please upgrade your app(s) as soon as possible and increment the version number of the upgraded APK.

Vulnerability** APK Version(s) **Libpng library

The vulnerabilities were fixed in libpng v1.0.66, v.1.2.56, v.1.4.19, v1.5.26 or higher. You can find more information about how resolve the issue in this Google Help Center article.

14

Other libraries that are compiled with the project from the libs directory are:

• Flurry Analytics
• Crashlytics
• KochavaSDK
• Android Touch Gallery

Libraries that are included as dependencies at build-time are:

• Android Annotations
• Android Maps Utils
• Jackson Mapper
• Google Play Services
• HockeySDK
• Parse Android

I have gone through all of the libraries that included in the project that are open source and searched for references of libpng and was unable to find any other than in the files provided by Corona.

I’ve asked Engineering about it.

Rob

We are linking against 1.2.56.

Are any of your libraries and plugins NDK built .so plugins?

Rob

I found the culprit to be the libruntimecore_java.so file. This was a leftover from a previous developer and was assumed to be a compiled library with the Corona SDK. Thank you for looking into this for me.