Update for fixing Heartbleed exploit in OpenSSL

I’ve just created another topic, having missed this one.

We also received the email, and scanning our apps showed they were all fine. Our main concern is that Google Play say “applications with vulnerabilities that expose users to risk of compromise may be considered “dangerous products” and subject to removal from Google Play”. 

We don’t think our app does expose users to any risks, but we still like the idea that our app is subject to removal.  

Are there any plans to update the openssl plugin soon?

@everyone: We’ve updated everything to use OpenSSL v.1.0.1h (latest).

Is anyone able to answer a query I have regarding using the openssl plugin with Enterprise.

I’ve added the libplugin.openssl.so file to my project in the following location:

myProject/android/libs/armeabi-v7a/libplugin.openssl.so

It seems to work fine when building for android, and on my s4 the app runs fine. However when I install on my Kindle Fire HDX it fails to load the plugin, and when we tried to submit to Amazon they said the app wouldn’t open on any device. I then built the app using the simulator, and it works as it should.

Do I need to do anything else with the plugin to get it to work for Amazon Enterprise builds? I’ve clearly missed a step, but as I say it seems to work for Google Play without any issues and I’m not sure what I could have missed. I didn’t add anything to AndroidManifest.xml for this particular plugin, like I did for google play IAP, amazon IAP etc.

Any ideas?

I got an email from Google Play. It said that Apps are using a highly vulnerable version of OpenSSL. I checked the version of my apps Open SSL are “lua-openssl version: 0.0.5    Lua 5.1    OpenSSL 1.0.1g 7 Apr 2014”.

But Google Play says the version of Open SSL should be OpenSSL 1.0.1h.

How do we update the latest Open SSL. It’s possible to remove my Apps from Google Play.

as did I currently on 1.0.1g, I eventually switched to the new version a short while ago after running the old Open SSL e I think

I’m using daily builds and I too got the email from Google Play yesterday. I tried deleting contents of the plugins directory but got the same result before and after.

lua-openssl version: 0.0.5

Lua 5.1

OpenSSL 1.0.1g 7 Apr 2014

I’m not sure I understand. We need to be on 1.0.1h right? That email from Google Play is not very informative.

I also received the e-mail. I will just ignore it. I updated my games when the bug was out and Corona updated its openssl. I scanned my apps with two heartbleed scans and they said that my apps were fine after the update. 

I’ve just created another topic, having missed this one.

We also received the email, and scanning our apps showed they were all fine. Our main concern is that Google Play say “applications with vulnerabilities that expose users to risk of compromise may be considered “dangerous products” and subject to removal from Google Play”. 

We don’t think our app does expose users to any risks, but we still like the idea that our app is subject to removal.  

Are there any plans to update the openssl plugin soon?

@everyone: We’ve updated everything to use OpenSSL v.1.0.1h (latest).

Is anyone able to answer a query I have regarding using the openssl plugin with Enterprise.

I’ve added the libplugin.openssl.so file to my project in the following location:

myProject/android/libs/armeabi-v7a/libplugin.openssl.so

It seems to work fine when building for android, and on my s4 the app runs fine. However when I install on my Kindle Fire HDX it fails to load the plugin, and when we tried to submit to Amazon they said the app wouldn’t open on any device. I then built the app using the simulator, and it works as it should.

Do I need to do anything else with the plugin to get it to work for Amazon Enterprise builds? I’ve clearly missed a step, but as I say it seems to work for Google Play without any issues and I’m not sure what I could have missed. I didn’t add anything to AndroidManifest.xml for this particular plugin, like I did for google play IAP, amazon IAP etc.

Any ideas?