Hi,

We are distributing a VOIP SDK for mobile developers, and have recently released a new version which includes the OpenSSL security vulnerability fix from May 3rd. However, our users are still seeing the security alert. Can anyone provide any insight on what exactly is checked when an APK is uploaded?

So far I have reproduced the warning when using the "OpenSSL 1.0.2 (compatible; BoringSSL)" version string, but these do not produce a warning: "OpenSSL 1.0.2f (compatible; BoringSSL)", "OpenSSL 1.0.2r (compatible; BoringSSL)", "OpenSSL 1.0.2h (compatible; BoringSSL)". Note that here 1.0.2r is not really a valid version specifier, but 1.0.1r is; however, there is still no security warning. So is it only a text-based check or something deeper?

Thanks
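An added example, not part of the original post and not a description of how Google Play scans uploads: a script that lists the OpenSSL-style version strings embedded in an APK's native libraries, so a build can be checked for which string it actually ships. The library names and sample bytes are constructed for illustration.

```python
import io
import re
import zipfile

# Matches byte strings such as b"OpenSSL 1.0.2h", with an optional
# parenthesised suffix like b" (compatible; BoringSSL)".
VERSION_RE = re.compile(rb"OpenSSL \d+\.\d+\.\d+[a-z]*(?: \([^)\x00]{1,64}\))?")


def openssl_version_strings(apk):
    """Map each native library in the APK to the version strings it embeds.

    `apk` is a path or a binary file-like object; an APK is a zip archive
    and native code lives under lib/<abi>/*.so.
    """
    found = {}
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            if not (name.startswith("lib/") and name.endswith(".so")):
                continue
            data = zf.read(name)
            hits = sorted({m.group().decode("ascii", "replace")
                           for m in VERSION_RE.finditer(data)})
            if hits:
                found[name] = hits
    return found


def build_sample_apk():
    """Constructed sample: a zip with fake .so payloads, not a real APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("lib/armeabi-v7a/libvoip.so",
                    b"\x7fELF\x00\x00OpenSSL 1.0.2 (compatible; BoringSSL)\x00x")
        zf.writestr("lib/arm64-v8a/libvoip.so",
                    b"\x7fELF\x00OpenSSL 1.0.2h (compatible; BoringSSL)\x00")
        # Not a native library, so it is skipped by the scan.
        zf.writestr("classes.dex", b"OpenSSL 1.0.1a")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for lib, versions in openssl_version_strings(build_sample_apk()).items():
        print(lib, versions)
```

Pass a path to a real APK instead of `build_sample_apk()` to check every ABI directory, since a stale library for one architecture can carry an old string after the others were rebuilt.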

