Google Play Warning, MoPub Vulnerabilities

RizwanBajwa

New Member
Hi Appyet,

We all Appyet users got the Security alert from all our apps from Google Play regarding MoOUb, please check.

Security alert


This information is intended for developers of apps that utilize any version of MoPub, an ad platform, that precedes 4.4.0. These versions contain a security vulnerability.

Please migrate your app(s) to MoPub v4.4.0 or higher as soon as possible and increment the version number of the upgraded APK. Beginning July 11, 2016, Google Play will block publishing of any new apps or updates that use older versions of MoPub.

The vulnerability was addressed in MoPub 4.4.0. The latest versions of the MoPub SDK can be downloaded here. To confirm the version number if you're building using the Jcenter AAR, you can check your Gradle config and make sure it points to 4.4.0. To confirm the version number if you're building directly from source or not using Gradle, you can check com.mopub.common.MoPub.java for SDK_VERSION.

If you need more information, you can contact MoPub support by emailing support@mopub.com. If you’re using a 3rd party library that bundles MoPub, you’ll need to upgrade it to a version that bundles MoPub 4.4.0 or higher.

To confirm you’ve upgraded correctly, submit the updated version to the Developer Console and check back after five hours. If the app hasn’t been correctly upgraded, we will display a warning.

The vulnerability is due to unsanitized default WebView settings. An attacker may exploit this vulnerability by serving a malicious JavaScript code in an advertising creative, making it possible to infer the existences of privacy-sensitive local resources on the devices. For Android devices with the prior versions of API 16, the attacker can even access local resources. For other technical questions, you can post to Stack Overflow and use the tags “android-security” and “MoPub.”

While these specific issues may not affect every app that uses MoPub, it’s best to stay up to date on all security patches. Apps with vulnerabilities that expose users to risk of compromise may be considered in violation of our Malicious Behavior policy and section 4.4 of the Developer Distribution Agreement.

Apps must also comply with the Developer Distribution Agreement and Developer Program Policies. If you feel we have sent this warning in error, contact our policy support team through the Google Play Developer Help Center.

@appyet
@joseph raphael
 

Marc

Active Member
Hi Appyet,

We all Appyet users got the Security alert from all our apps from Google Play regarding MoOUb, please check.

Security alert

This information is intended for developers of apps that utilize any version of MoPub, an ad platform, that precedes 4.4.0. These versions contain a security vulnerability.

Please migrate your app(s) to MoPub v4.4.0 or higher as soon as possible and increment the version number of the upgraded APK. Beginning July 11, 2016, Google Play will block publishing of any new apps or updates that use older versions of MoPub.

The vulnerability was addressed in MoPub 4.4.0. The latest versions of the MoPub SDK can be downloaded here. To confirm the version number if you're building using the Jcenter AAR, you can check your Gradle config and make sure it points to 4.4.0. To confirm the version number if you're building directly from source or not using Gradle, you can check com.mopub.common.MoPub.java for SDK_VERSION.

If you need more information, you can contact MoPub support by emailing support@mopub.com. If you’re using a 3rd party library that bundles MoPub, you’ll need to upgrade it to a version that bundles MoPub 4.4.0 or higher.

To confirm you’ve upgraded correctly, submit the updated version to the Developer Console and check back after five hours. If the app hasn’t been correctly upgraded, we will display a warning.

The vulnerability is due to unsanitized default WebView settings. An attacker may exploit this vulnerability by serving a malicious JavaScript code in an advertising creative, making it possible to infer the existences of privacy-sensitive local resources on the devices. For Android devices with the prior versions of API 16, the attacker can even access local resources. For other technical questions, you can post to Stack Overflow and use the tags “android-security” and “MoPub.”

While these specific issues may not affect every app that uses MoPub, it’s best to stay up to date on all security patches. Apps with vulnerabilities that expose users to risk of compromise may be considered in violation of our Malicious Behavior policy and section 4.4 of the Developer Distribution Agreement.

Apps must also comply with the Developer Distribution Agreement and Developer Program Policies. If you feel we have sent this warning in error, contact our policy support team through the Google Play Developer Help Center.

@appyet
@joseph raphael

@appyet is working on fix, will release a fix for this issue as soon as possible.
 

mobiapp

New Member
Thanks for your respond but I tried to re build the apps, but I didn't received the APKs files in my mail box to upload to Google Play Store, What I should do to receive the APKs files?
Thanks again
 

mobiapp

New Member
Hi, thanks for the previous reply, I've another problem, The App icons doesn't appear after setup on devices, I already uploaded photos as PNG format but I don't know the reasons. can you help me
 

mobiapp

New Member
Solved, Thank you..... :)
could you help me in another thing :D
I want to send notification to all user via my app " to notify fans that I post something new in my facebook page, twitter and Instagram" how can I do it?
 
Top