My best guess is that Google is just scanning the apk package for the physical presence of the outdated SSL code. It may be that the app is not even using SSL.
I think Google needs to work with outside Android developers in terms of giving proper guidance in terms of how best to handle this. As far as I am aware, i am not using SSL in any form anywhere, yet I have also received this warning message from Google. One possibility is that cocos2d-x may include OpenSSL as a default, even though it may not be used in the actual application. Again, I think Google needs to provide proper guidance in terms of how best to handle this issue. Sending out a warning email threatening removal from the Google Play store for containing outdated SSL code that, in most cases, is probably not even being used in the app itself, is not good customer service. On Thursday, June 12, 2014 9:30:14 PM UTC-4, Neil Burlock wrote: > > I just received a cryptic email from Google stating that "one or more" or > my apps is using outdated SSL code. > > Is there some reliable way for me to find out what they are referring to? > I haven't implemented SSL into my apps, so it has to be some 3rd party tool > that's doing it. > > The email threatens that if I guess it wrong, my apps could be suspended. > Three or more policy violations usually equals account termination. I could > update all APIs used and I could still miss whatever is doing it because it > might be some feature built into the tool I used to write the apps. > > Google knows which apps are affected, and I need to find out what they > know. > > I've been unable to find a way to contact anyone at Google for help. I've > tried searching, but I keep ending up at the "help center". > > Is there some sort of email address for security issues? > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to android-security-discuss+unsubscr...@googlegroups.com. To post to this group, send email to android-security-discuss@googlegroups.com. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout.
