I recently submitted an app in the Play Store, developed using codenameone and I received a warning email from Google with the following message:
*"We detected that your app(s) listed at the end of this email are using an unsafe implementation of the WebViewClient.onReceivedSslErrorHandler. You can also see the list of affected apps, as well as details such as version numbers and class names, on the Alerts page in your Developer Console.* *Your current implementation ignores all SSL certificate validation errors, making your app vulnerable to man-in-the-middle attacks. An attacker could change the affected WebView's content, read transmitted data (such as login credentials), and execute code inside the app using JavaScript.* *What’s happening* *Beginning November 25, 2016, Google Play will block publishing of any new apps or updates that contain this vulnerability. Your published APK version will remain unaffected, however any updates to the app will be rejected unless you address this vulnerability.* *Action required* *- To properly handle SSL certificate validation, change your code to invoke SslErrorHandler.proceed() whenever the certificate presented by the server meets your expectations, and invoke SslErrorHandler.cancel() otherwise.* *- If you are using a 3rd party library that’s responsible for this, please notify the 3rd party and work with them to address the issue.* *- After making changes, sign in to your Developer Console and submit the updated version of your app.* *- Check back after five hours - we’ll show a warning message if the app hasn’t been updated correctly."* I was researching but unfortunately I didn't find anything about that. I think that maybe is an internal issue of the platform but not sure. What do you think? Thanks in advance. Sergio -- You received this message because you are subscribed to the Google Groups "CodenameOne Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to codenameone-discussions+unsubscr...@googlegroups.com. Visit this group at https://groups.google.com/group/codenameone-discussions. To view this discussion on the web visit https://groups.google.com/d/msgid/codenameone-discussions/481bf432-55cc-48e0-882a-7bbbf5f51328%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
