I recently submitted an app to the Play Store, developed using Codename One, 
and I received a warning email from Google with the following message:

*"We detected that your app(s) listed at the end of this email are using an 
unsafe implementation of the WebViewClient.onReceivedSslErrorHandler. You 
can also see the list of affected apps, as well as details such as version 
numbers and class names, on the Alerts page in your Developer Console.*

*Your current implementation ignores all SSL certificate validation errors, 
making your app vulnerable to man-in-the-middle attacks. An attacker could 
change the affected WebView's content, read transmitted data (such as login 
credentials), and execute code inside the app using JavaScript.*

*What’s happening*

*Beginning November 25, 2016, Google Play will block publishing of any new 
apps or updates that contain this vulnerability. Your published APK version 
will remain unaffected, however any updates to the app will be rejected 
unless you address this vulnerability.*

*Action required*

*- To properly handle SSL certificate validation, change your code to 
invoke SslErrorHandler.proceed() whenever the certificate presented by the 
server meets your expectations, and invoke SslErrorHandler.cancel() 
otherwise.*
*- If you are using a 3rd party library that’s responsible for this, please 
notify the 3rd party and work with them to address the issue.*
*- After making changes, sign in to your Developer Console and submit the 
updated version of your app.*
*- Check back after five hours - we’ll show a warning message if the app 
hasn’t been updated correctly."*

I researched this but unfortunately I didn't find anything about it. I 
think that maybe it is an internal issue of the platform, but I'm not sure. What do 
you think?

Thanks in advance.

Sergio
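
An added example, not part of the original post and not Codename One's code: the handler pattern the quoted alert describes, next to a version that cancels by default and proceeds only when the certificate "meets your expectations". It assumes a plain Android `WebViewClient`; the class names, `EXPECTED_HOST` and `PINNED_SHA256` are hypothetical placeholders.

```java
import android.net.Uri;
import android.net.http.SslError;
import android.webkit.SslErrorHandler;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;

// The pattern the alert describes: every validation error is ignored.
class UnsafeClient extends WebViewClient {
    @Override
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        handler.proceed(); // accepts any certificate, including an interceptor's
    }
}

// Cancel by default; proceed only for one expected host presenting one pinned certificate.
class PinnedClient extends WebViewClient {
    // Constructed placeholders: an all-zero pin matches no real certificate (fails closed).
    private static final String EXPECTED_HOST = "internal.example.test";
    private static final byte[] PINNED_SHA256 = new byte[32];
    // Errors that are never tolerated, even when the pin matches.
    private static final int[] FATAL = {SslError.SSL_NOTYETVALID, SslError.SSL_EXPIRED,
            SslError.SSL_IDMISMATCH, SslError.SSL_DATE_INVALID, SslError.SSL_INVALID};

    @Override
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        if (meetsExpectations(error)) handler.proceed(); else handler.cancel();
    }

    private static boolean meetsExpectations(SslError error) {
        try {
            // The only tolerated condition is an untrusted issuer (e.g. a private CA).
            if (!error.hasError(SslError.SSL_UNTRUSTED)) return false;
            for (int code : FATAL) if (error.hasError(code)) return false;
            if (!EXPECTED_HOST.equals(Uri.parse(error.getUrl()).getHost())) return false;
            X509Certificate cert = error.getCertificate().getX509Certificate(); // API 29+
            if (cert == null) return false;
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            return MessageDigest.isEqual(digest, PINNED_SHA256); // constant-time compare
        } catch (Exception e) {
            return false; // any failure to verify means cancel
        }
    }
}
```

If the app has no reason to accept a certificate the system rejects, not overriding `onReceivedSslError` at all gives the same safe result, since the default `WebViewClient` implementation cancels the load.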
