I received the email with the subject “Google Play Security Warning: You
are using a highly vulnerable version of OpenSSL”.
The directions in the email say “To confirm your OpenSSL version, you can
do a grep via ("$ unzip -p YourApp.apk | strings | grep "OpenSSL"")”, but I
am developing with Windows so I used 7-zip to extract the .APK file and the
“findstr” command to search for the “OpenSSL” string. The findstr found 2
files with “OpenSSL”:
/classes.dex
/lib/armeabi-v7a/libxwalkcore.so
My guess is that the library project “org.xwalk.core” is flagging the
warning. I updated this project to the latest stable release and published
the update to my app. The email says “To confirm that you’ve upgraded
correctly, upload the updated version to the Developer Console and check
and after five hours.” But what am I checking for after 5 hours? How do
I know if the issue has been resolved or not? I still see an alert under
the “Older and dismissed alerts” section of the Google Play Developer
Console. Should that go away? There is no warning Flag on the All
Applications list for this error but there wasn’t a warning there before
the app was updated either?
Side note that I do get this warning “We have identified a potential
advertising ID policy violation with your app(s). Please review the flagged
app(s) listed in your All Applications page for details” on my All
Applications list, but it is for an unpublished old version of an app that
I would rather delete from the store than update.
But I really just need to know how to verify if the OpenSSL issue was
resolved by upgrading the org.xwalk.core library project?
Thanks,
Alex
--
You received this message because you are subscribed to the Google Groups
"Android Security Discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to android-security-discuss+unsubscr...@googlegroups.com.
To post to this group, send email to android-security-discuss@googlegroups.com.
Visit this group at http://groups.google.com/group/android-security-discuss.
For more options, visit https://groups.google.com/d/optout.
