Sign up Calendar Latest Topics
 
 
 


Reply
  Author   Comment  
rayleigh

Senior Member
Registered:
Posts: 169
Reply with quote  #1 
hi
become a email that X509TrustManager is not save .
So have somone also the same problem with mobiecore ?

Beginning May 17, 2016, Google Play will block publishing of any new apps or updates containing the unsafe implementation of the interface X509TrustManager.
0
Martin

Avatar / Picture

Administrator
Registered:
Posts: 2,230
Reply with quote  #2 
Hey Rayleigh. Thanks for sharing. I also seen this email from google last week. GOOGLE STRIKES AGAIN!!! lol. Here's the full email from google play for all to see:

Hello Google Play Developer,

Your app(s) listed at the end of this email use an unsafe implementation of the interface X509TrustManager. Specifically, the implementation ignores all SSL certificate validation errors when establishing an HTTPS connection to a remote host, thereby making your app vulnerable to man-in-the-middle attacks. An attacker could read transmitted data (such as login credentials) and even change the data transmitted on the HTTPS connection. If you have more than 20 affected apps in your account, please check the Developer Console for a full list.

To properly handle SSL certificate validation, change your code in the checkServerTrusted method of your custom X509TrustManager interface to raise either CertificateException or IllegalArgumentException whenever the certificate presented by the server does not meet your expectations. For technical questions, you can post to Stack Overflow and use the tags “android-security” and “TrustManager.”

Please address this issue as soon as possible and increment the version number of the upgraded APK. Beginning May 17, 2016, Google Play will block publishing of any new apps or updates containing the unsafe implementation of the interface X509TrustManager.

To confirm you’ve made the correct changes, submit the updated version of your app to the Developer Console and check back after five hours. If the app hasn’t been correctly upgraded, we will display a warning.

While these specific issues may not affect every app with the TrustManager implementation, it’s best not to ignore SSL certificate validation errors. Apps with vulnerabilities that expose users to risk of compromise may be considered dangerous products in violation of the Content Policy and section 4.4 of the Developer Distribution Agreement.

Apps must also comply with the Developer Distribution Agreement and Content Policy. If you feel we have sent this warning in error, contact our policy support team through the Google Play Developer Help Center.

Regards,

The Google Play Team

Unfortunately we have more than 20 affected games by this because of adding an old flurry sdk. Most of them are quite old. I have the unity projects but they are still from unity 3.5, so about 3 years old some of them. This is really a major pain if we need to update all the games.

So the question is, do we really need to update all the games, or do we un-publish them, or do we just leave them to stay live? What do you guys think?

Thanks for any input guys
Martin

0
javaexp

Avatar / Picture

Registered:
Posts: 337
Reply with quote  #3 
Google always finds way to create trouble. Me too confused. No support where we can ask these questions to google directly. just guesses. [mad]
__________________
 
0
Crichton333

Avatar / Picture

Senior Member
Registered:
Posts: 273
Reply with quote  #4 
I also got hit with this because of the old flurry sdk. I'll have to install an older Unity version and see how it goes. 
__________________

"Smoke me a kipper i'll be back for breakfast." -- iOS: Nebula Virtual Reality

0
bond

Junior Member
Registered:
Posts: 22
Reply with quote  #5 
MobileCore just updated their SDK, maybe things are ok now...
0
Previous Topic | Next Topic
Print
Reply

Quick Navigation:

Easily create a Forum Website with Website Toolbox.