One of my apps was pulled from the Google Play store for the reasons cited below. Anyone know if this was an issue that was fixed since my last build (Jan of 2018)?
I took a look at your app, which has the following class, which contains a vulnerable version of SslErrorHandler:
android.permission.ACCESS_FINE_LOCATION
android.permission.INTERNET
android.permission.CHANGE_WIFI_MULTICAST_STATE
android.permission.ACCESS_COARSE_LOCATION
android.permission.CHANGE_NETWORK_STATE
android.permission.CHANGE_WIFI_STATE
Here’s how you can resolve this issue:
- To properly handle SSL certificate validation, change your code to invoke SslErrorHandler.proceed() whenever the certificate presented by the server meets your expectations, and invoke SslErrorHandler.cancel() otherwise.
- If you are using a 3rd party library that’s responsible for this, please notify the 3rd party and work with them to address the issue.
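As an added example (not code from the original post or from the app in question), this is one way a `WebViewClient` can follow the first remediation step: it cancels by default and calls `proceed()` only for a certificate the app explicitly expects. The class name, `EXPECTED_HOST` and the pinned digest are assumptions made for illustration, and `SslCertificate.getX509Certificate()` requires API level 29 or later.

```java
import android.net.Uri;
import android.net.http.SslError;
import android.webkit.SslErrorHandler;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;

// Hypothetical client: trusts exactly one pinned certificate on one host.
public class StrictWebViewClient extends WebViewClient {
    // Assumption: placeholder host; replace with the server the app talks to.
    private static final String EXPECTED_HOST = "internal.example.com";
    // SHA-256 digest of the expected DER-encoded certificate (supplied by the app).
    private final byte[] expectedCertSha256;

    public StrictWebViewClient(byte[] expectedCertSha256) {
        this.expectedCertSha256 = expectedCertSha256.clone();
    }

    @Override
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        // Never call proceed() unconditionally; that is the flagged pattern.
        if (meetsExpectations(error)) {
            handler.proceed();
        } else {
            handler.cancel();
        }
    }

    private boolean meetsExpectations(SslError error) {
        try {
            // Tolerate only an untrusted issuer; any other error is a hard failure.
            if (error.hasError(SslError.SSL_EXPIRED)
                    || error.hasError(SslError.SSL_NOTYETVALID)
                    || error.hasError(SslError.SSL_IDMISMATCH)
                    || error.hasError(SslError.SSL_DATE_INVALID)
                    || error.hasError(SslError.SSL_INVALID)) {
                return false;
            }
            String host = Uri.parse(error.getUrl()).getHost();
            if (!EXPECTED_HOST.equalsIgnoreCase(host)) return false;
            X509Certificate cert = error.getCertificate().getX509Certificate(); // API 29+
            if (cert == null) return false;
            byte[] actual = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            return MessageDigest.isEqual(actual, expectedCertSha256); // constant-time compare
        } catch (Exception e) {
            return false; // fail closed on any parsing or digest problem
        }
    }
}
```

If the app has no reason to accept a certificate the platform rejects, not overriding `onReceivedSslError` at all is sufficient, because the default `WebViewClient` implementation cancels the load.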