[Android FAQ] ShareSDK has an SSL Error Handler vulnerability that prevents publishing on Google Play

Posted on 2019-2-21 16:34:02
We updated ShareSDK before the New Year, and when we submitted to the Google Play store we received the following feedback:

Hello Google Play Developer,
We rejected <app name>, with package name <package name>, for violating our Malicious Behavior or User Data policy. If you submitted an update, the previous version of your app is still available on Google Play.
This app uses software that contains security vulnerabilities for users or allows the collection of user data without proper disclosure.
Below is the list of issues and the corresponding APK versions that were detected in your recent submission. Please upgrade your app(s) as soon as possible and increment the version number of the upgraded APK.

Vulnerability: SSL Error Handler
For more information on how to address WebView SSL Error Handler alerts, please see this Google Help Center article.
APK Version(s): 14
Past Due Date: November 30, 2016

To confirm you’ve upgraded correctly, submit the updated version of your app to the Play Console and check back after five hours to make sure the warning is gone.
While these vulnerabilities may not affect every app that uses this software, it’s best to stay up to date on all security patches. Make sure to update any libraries in your app that have known security issues, even if you're not sure the issues are relevant to your app.
Apps must also comply with the Developer Distribution Agreement and Developer Program Policies.
If you feel we have made this determination in error, please reach out to our developer support team.
Best,
The Google Play Team




We contacted Google's technical support and learned that the vulnerability is in this class under mob/commons:
  • Thanks for contacting Google Play Developer Support. I understand you have some questions about the SslErrorHandler security vulnerability. I took a look at your app, and version 14 of <app name> has the following class, which contains a vulnerable version of SslErrorHandler:
    • Lcom/mob/commons/i$1;
    Here’s how you can resolve this issue:
    • To properly handle SSL certificate validation, change your code to invoke SslErrorHandler.proceed() whenever the certificate presented by the server meets your expectations, and invoke SslErrorHandler.cancel() otherwise.
    • If you are using a 3rd party library that’s responsible for this, please notify the 3rd party and work with them to address the issue.
    • After making changes, sign in to your Play Console and submit the updated version of your app. Make sure to increment the version number of your APK.
    • Check back after five hours - we’ll show a warning message if the app hasn’t been updated correctly.
    You can find more information about this vulnerability by visiting the Alerts page of your Play Console or this Google Help Center article.
    I hope this helps! If you have any further questions, please let me know. I’m happy to help.
    Regards,
    Mia
    Google Play Developer Support


Hoping for a solution, thanks.



Posted on 2019-2-21 18:21:14
What is the ShareSDK version number? How was it integrated: Gradle online or offline mode?

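Posted on 2019-2-25 10:53:53
Boyka posted on 2019-2-21 18:21
What is the ShareSDK version number? How was it integrated: Gradle online or offline mode?

Integrated via Gradle. Is it possible to simply disable the feature that opens web pages in a WebView?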

Posted on 2019-2-27 10:30:04
I've run into the same situation: also rejected by Google Play, with the same email. I integrated through Unity3D. How can this be solved????

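Original poster | Posted on 2019-3-3 17:37:53
Boyka posted on 2019-2-21 18:21
What is the ShareSDK version number? How was it integrated: Gradle online or offline mode?

I'm using the shareSDK.unitypackage that was updated on GitHub on January 11, 2019; I don't know the version number. I integrated it with Unity's Internal Build System, because Gradle integration has problems; see my other thread: http://bbs.mob.com/forum.php?mod=viewthread&tid=26079&extra=page%3D2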

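Posted on 2019-3-4 10:04:34
重装甲硬汉 posted on 2019-3-3 17:37
I'm using the shareSDK.unitypackage that was updated on GitHub on January 11, 2019; I don't know the version number. I integrated it with Unity's Internal Build Sy ...

Please confirm which integration method you used, and add our technical support on QQ; they will give you a corresponding solution. Just contact technical support on QQ.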