Hi Alex,
Would you send me screenshots of what you're seeing on the Dev Console?
- Eric
Eric Davis | Android Security | eda...@google.com | 650.492.4612
On Fri, Dec 19, 2014 at 6:00 AM, <a...@sparkpeople.com> wrote:
>
> I received the email with the subject "Google Play Security Warning: You
> are using a highly vulnerable version of OpenSSL".
>
> The directions in the email say "To confirm your OpenSSL version, you can
> do a grep via ("$ unzip -p YourApp.apk | strings | grep "OpenSSL"")", but I
> am developing with Windows so I used 7-zip to extract the .APK file and the
> "findstr" command to search for the "OpenSSL" string. The findstr found
> 2 files with "OpenSSL":
>
> /classes.dex
>
> /lib/armeabi-v7a/libxwalkcore.so
>
> My guess is that the library project "org.xwalk.core" is flagging the
> warning. I updated this project to the latest stable release and
> published the update to my app. The email says "To confirm that you've
> upgraded correctly, upload the updated version to the Developer Console and
> check and after five hours." But what am I checking for after 5 hours? How
> do I know if the issue has been resolved or not? I still see an alert
> under the "Older and dismissed alerts" section of the Google Play Developer
> Console. Should that go away? There is no warning Flag on the All
> Applications list for this error but there wasn't a warning there before
> the app was updated either?
>
> Side note that I do get this warning "We have identified a potential
> advertising ID policy violation with your app(s). Please review the flagged
> app(s) listed in your All Applications page for details" on my All
> Applications list, but it is for an unpublished old version of an app that
> I would rather delete from the store than update.
>
> But I really just need to know how to verify if the OpenSSL issue was
> resolved by upgrading the org.xwalk.core library project?
>
> Thanks,
>
> Alex
>
> --
> You received this message because you are subscribed to the Google Groups
> "Android Security Discussions" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to android-security-discuss+unsubscr...@googlegroups.com.
> To post to this group, send email to
> android-security-discuss@googlegroups.com.
> Visit this group at
> http://groups.google.com/group/android-security-discuss.
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Android Security Discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to android-security-discuss+unsubscr...@googlegroups.com.
To post to this group, send email to android-security-discuss@googlegroups.com.
Visit this group at http://groups.google.com/group/android-security-discuss.
For more options, visit https://groups.google.com/d/optout.
