much appreciated On Tue, Oct 9, 2018 at 12:06 AM Brian Carlstrom <b...@google.com> wrote:
> I'll try to find someone from Chrome who can speak to the WebView and > Chrome on Android impact for hybrid scenarios. I'll note that we aren't > planning a platform change to remove CAs on existing devices. > > -bri > > On Fri, Oct 5, 2018 at 2:17 PM Chandra Sekhar Walajapet < > mr.chan...@gmail.com> wrote: > >> Hi Brian, with the chrome 70 release around the corner, do you know if >> this will affect hybrid mobile applications using cordova/phonegap will be >> affected on the same day ? >> >> On Monday, September 17, 2018 at 10:38:21 PM UTC+5:30, Brian Carlstrom >> wrote: >>> >>> Nothing specific I'm aware of yet, even a timeline to have a timeline. >>> I'll circle back with the team and see if I can get more details. >>> >>> -bri >>> >>> On Wed, Sep 12, 2018 at 12:32 PM Anu <ary...@gmail.com> wrote: >>> >>>> Hi Brian, >>>> >>>> Is there any date from when Android will distrust Symantec SSL >>>> certificates? >>>> >>>> Anu >>>> >>>> On Thursday, 17 May 2018 08:20:35 UTC+3, Brian Carlstrom wrote: >>>>> >>>>> Android is planning to follow Chrome's lead and will stop trusting >>>>> Symantec-issued certificates in a future update. Our current plans are >>>>> not >>>>> to do this in P, but you should see the removal in a future platform >>>>> version. >>>>> >>>>> -bri >>>>> >>>>> On Thu, May 10, 2018 at 5:07 PM Campbell Moss <campbe...@gmail.com> >>>>> wrote: >>>>> >>>>>> Regarding the Symantec SSL cert distrust that was announced in >>>>>> September 2017 ( >>>>>> https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.html) >>>>>> >>>>>> >>>>>> >>>>>> Clearly this affects the Chrome browser, but I was wondering what >>>>>> impact if any there will be on Android native apps. Specifically: >>>>>> >>>>>> - HTTPS connections initiated by native Android apps >>>>>> (HttpsURLConnection etc.) >>>>>> - Webview components (android.webkit.WebView etc.) >>>>>> >>>>>> >>>>>> >>>>>> I’ve looked through the documentation but can only find information >>>>>> on the Chrome browser. Is there any information on if / when Android >>>>>> native >>>>>> HTTPS APIs will start rejecting Symantec-issued SSL certs? >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "Android Security Discussions" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to >>>>>> android-security-discuss+unsubscr...@googlegroups.com. >>>>>> Visit this group at >>>>>> https://groups.google.com/group/android-security-discuss. >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Android Security Discussions" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to android-security-discuss+unsubscr...@googlegroups.com. >>>> Visit this group at >>>> https://groups.google.com/group/android-security-discuss. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "Android Security Discussions" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to android-security-discuss+unsubscr...@googlegroups.com. >> Visit this group at >> https://groups.google.com/group/android-security-discuss. >> For more options, visit https://groups.google.com/d/optout. >> > -- Regards, Chandoo +44 7795090794 -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to android-security-discuss+unsubscr...@googlegroups.com. Visit this group at https://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout.
