I wasn't able to find the offending classes using the script on the Stack 
Overflow post.  Instead, I converted the release .apk into a jar and did a 
grep search on the .class files.  I came up with three hits --> 

Binary file ./com/google/android/gms/security/ProviderInstaller.class matches

Binary file ./com/squareup/okhttp/internal/Platform.class matches

Binary file ./cz/msebera/android/httpclient/extras/PRNGFixes.class matches


Yet, I still can't find from here what version of OpenSSL these classes are 
running.  Any recommendations on what to do next? 


David


On Monday, September 28, 2015 at 2:20:47 PM UTC-4, Jeffrey Walton wrote:
>
>
> I ran the grep command and found the following results --> 
>>
>> Failed to seed OpenSSL PRNG
>>
>> GmsCore_OpenSSL
>>
>> +com.android.org.conscrypt.OpenSSLSocketImpl
>>
>> 7org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl
>>
>> I'm not sure where to go from here, as it does not specify the version of 
>> OpenSSL, or which libraries & their dependencies these results pertain to.  I 
>> have tried to use the Android Studio dependency analyzer but was not able 
>> to pull up results.  Do you have any ideas of what my next steps should 
>> be?  Is there another way for me to trace, perhaps using classpaths, which 
>> libraries need to be updated?
>>
>
> https://stackoverflow.com/questions/31378617/gmscore-openssl-can-provoke-app-rejected-from-google-play-with-all-updated
>
> Jeff 
>
