I am not able to publish my APK to the Google Play Store. I am getting a SQL Injection 
error: "Your app(s) are using a content provider that contains a SQL 
Injection vulnerability." Below is the response I have got from *Google Play 
support*:

I understand you have some questions about the SslErrorHandler security 
vulnerability. 
I took a look at your app, and it has the following class, which contains a 
vulnerable version of SslErrorHandler: 
xxxxxx/xxxxxxxx/provider/WorldClockContentProvider;->query
Here’s how you can resolve this issue:
1. To properly handle SSL certificate validation, change your code to invoke 
SslErrorHandler.proceed() whenever the certificate presented by the server 
meets your expectations, and invoke SslErrorHandler.cancel() otherwise.
2. If you are using a 3rd party library that’s responsible for this, please 
notify the 3rd party and work with them to address the issue.

Here is my complete code snippet 
<https://gitlab.com/bisasda/worldclockwidget/snippets/1755782> and the 
query method is given below. Any help appreciated.



public Cursor query(Uri uri, String[] projection, String selection,
        String[] selectionArgs, String sortOrder) {
    String table;
    SQLiteOpenHelper helper;
    int match = URI_MATCHER.match(uri);

    switch (match) {
    case CLOCKS:
    case CLOCKS_ITEM:
        table = Clocks.TABLE_NAME;
        helper = getClockDbHelper();
        break;
    case CITIES:
    case CITIES_ITEM:
        table = Cities.TABLE_NAME;
        helper = getCityDbHelper();
        break;
    default:
        throw invalidUri(uri);
    }

    switch (match) {
    case CLOCKS:
    case CITIES:
        if (TextUtils.isEmpty(sortOrder)) {
            sortOrder = "_ID ASC";
        }
        break;
    case CITIES_ITEM:
    case CLOCKS_ITEM:
        selection = "_ID = " + uri.getLastPathSegment();
        break;
    default:
        throw invalidUri(uri);
    }

    SQLiteDatabase db = helper.getReadableDatabase();

    Cursor c = db.query(table, projection, selection, selectionArgs, null,
            null, sortOrder);
    c.setNotificationUri(getContext().getContentResolver(), uri);
    return c;
}

-- 
You received this message because you are subscribed to the Google Groups 
"Android Security Discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to android-security-discuss+unsubscr...@googlegroups.com.
Visit this group at https://groups.google.com/group/android-security-discuss.
For more options, visit https://groups.google.com/d/optout.
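
The query() posted above builds "_ID = " + uri.getLastPathSegment() from caller-supplied URI text and hands the caller's projection, selection and sortOrder to SQLite unchanged. The following is an added example, not code from the post or from Google: a hypothetical helper, SafeProviderQuery, that the provider's query() could call after its first switch (passing isItem = true for CLOCKS_ITEM and CITIES_ITEM) and before setNotificationUri(). The two regular expressions are assumptions about what a valid column name and sort order look like for these tables.

```java
import android.content.ContentUris;
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteQueryBuilder;
import android.net.Uri;
import android.text.TextUtils;
import java.util.regex.Pattern;

/** Hypothetical helper (added example): runs the provider query without splicing caller text into SQL. */
final class SafeProviderQuery {
    // Assumption: columns are plain identifiers; a sort order is one column plus an optional direction.
    private static final Pattern COLUMN = Pattern.compile("\\w+");
    private static final Pattern SORT =
            Pattern.compile("\\w+( (ASC|DESC))?", Pattern.CASE_INSENSITIVE);

    private SafeProviderQuery() {}

    static Cursor query(SQLiteDatabase db, String table, boolean isItem, Uri uri,
            String[] projection, String selection, String[] selectionArgs, String sortOrder) {
        // The projection is copied into the SELECT list, so allow bare column names only.
        if (projection != null) {
            for (String column : projection) {
                if (column == null || !COLUMN.matcher(column).matches()) {
                    throw new IllegalArgumentException("Invalid column: " + column);
                }
            }
        }
        // sortOrder is appended after ORDER BY, so it gets the same treatment.
        if (TextUtils.isEmpty(sortOrder)) {
            sortOrder = "_ID ASC";
        } else if (!SORT.matcher(sortOrder).matches()) {
            throw new IllegalArgumentException("Invalid sort order: " + sortOrder);
        }
        if (isItem) {
            // parseId() throws NumberFormatException for a non-numeric last segment, so only
            // a long is ever bound. The caller's selection is replaced, as in the posted code.
            long id = ContentUris.parseId(uri);
            selection = "_ID = ?";
            selectionArgs = new String[] { Long.toString(id) };
        }
        SQLiteQueryBuilder qb = new SQLiteQueryBuilder();
        qb.setTables(table);
        qb.setStrict(true); // the builder verifies the caller's selection before executing it
        return qb.query(db, projection, selection, selectionArgs, null, null, sortOrder);
    }
}
```

If the table's column names are known, SQLiteQueryBuilder.setProjectionMap() with an explicit column map is a tighter allow-list than the identifier pattern used here.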