|From:||Duc Tran Anh|
|Subject:||Re: [Linphone-developers] Google Play Store rejects app because of Linphone old version|
|Date:||Mon, 8 Aug 2016 10:57:54 +0700|
You'll be please to know since today we replaced the de.timroes.axmlrpc library by the xmlrpc implementation in liblinphone.
If you update to the latest version, you shouldn't have this issue anymore. Don't forget to update the submodules.
Sylvain Berfini Software Engineer @ Belledonne CommunicationsLe 21/07/2016 à 09:06, Duc Tran Anh a écrit :
Dear Linphone Experts,
Firstly, appreciate for the opensource you are providing.I have used your Linphone source for our project, now we submitted app to Google Play Store, but it is rejected because of reason we are using an old Lib in our code that violates a secure issue of Google Policy.
Could you please check the reject detail from Google below?I know well that you have new version (2016) that solve this issue. But if doing change with this new version, we will re-code our project so much, and it will look imposible. That's why I ask you if there maybe another way like just replace a core of lib that would resolve this problem?
Thanks for contacting Google Play Developer Support about the security alert you have received with regard to the use of an unsafe implementation of the interface X509TrustManager.
Beginning May 17, 2016, Google Play will block publishing of any new apps or updates containing the unsafe implementation of the interface X509TrustManager.
Version 1 of your app CloseChat contains the following affected code:Lde/timroes/axmlrpc/
To confirm that you’ve addressed the vulnerability, upload the updated version of the app to the Developer Console and check back after five hours. If the app hasn’t been correctly upgraded, we will display a warning.
To see a full list of all apps affected by security vulnerabilities, please view the Alerts tab of your developer console.
If you believe this vulnerability resides in a third party library, please notify the third party and work with them to address this.
While these specific issues may not affect every app with the TrustManager implementation, it’s best not to ignore SSL certificate validation errors. Apps with vulnerabilities that expose users to risk of compromise may be considered dangerous products in violation of the Content Policy and section 4.4 of the Developer Distribution Agreement.
Specifically, the implementation ignores all SSL certificate validation errors when establishing an HTTPS connection to a remote host, thereby making your app vulnerable to man-in-the-middle attacks. An attacker could read transmitted data (such as login credentials), and even change the data transmitted on the HTTPS connection.
I hope this helps! If you have any further questions, please let me know. I'm happy to help.
Google Play Developer Support----
Thank you so much Linphone Experts!
Thanks and regards,--
_________________ Linphone-developers mailing list address@hidden https://lists.nongnu.org/ mailman/listinfo/linphone- developers
Linphone-developers mailing list
|[Prev in Thread]||Current Thread||[Next in Thread]|