Vulnerable version of MoPub

Okan OKYAY

Member
Hello,

Google Play sended me an e-mail. How can I fix this problem?

Your app(s) listed at the end of this email utilize a version of the ad platform MoPub that contains a security vulnerability. If you have more than 20 affected apps in your account, please check the Developer Console for a full list.

Please migrate your app(s) to MoPub v4.4.0 or higher as soon as possible and increment the version number of the upgraded APK. Beginning July 11, 2016, Google Play will block publishing of any new apps or updates that use pre-4.4.0 versions of MoPub.

The vulnerability was addressed in MoPub 4.4.0. The latest versions of the MoPub SDK can be downloaded here. You can confirm the version number by checking in MoPubUtils class. To confirm the version number, please see this help center page.

If you need more information, you can contact MoPub support by emailing support@mopub.com. If you’re using a 3rd party library that bundles MoPub, you’ll need to upgrade it to a version that bundles MoPub 4.4.0 or higher.

To confirm you’ve upgraded correctly, submit the updated version to the Developer Console and check back after five hours. If the app hasn’t been correctly upgraded, we will display a warning.

The vulnerability is due to unsanitized default WebView settings. An attacker may exploit this vulnerability by serving a malicious JavaScript code in an advertising creative, making it possible to infer the existences of privacy-sensitive local resources on the devices. For Android devices with the prior versions of API 16, the attacker can even access local resources. For other technical questions, you can post to Stack Overflow and use the tags “android-security” and “MoPub.”

While these specific issues may not affect every app that uses MoPub, it’s best to stay up to date on all security patches. Apps with vulnerabilities that expose users to risk of compromise may be considered in violation of our Malicious Behavior policy and section 4.4 of the Developer Distribution Agreement.

Apps must also comply with the Developer Distribution Agreement and Developer Program Policies. If you feel we have sent this warning in error, contact our policy support team through the Google Play Developer Help Center.
 

DarShaN PanDya

Active Member
Did U even Checked the Forum?
This thing is Posted like THOUSANDS of time!!
PlzZz do chk wats Goin on in Forum before Posting!
And, This wilp be FiXeD soOn! :)
 
Top