Hi,
i received a warning from Google play about "unsafe implementation of the WebViewClient.onReceivedSslError handler". This is caused by Inmobi.
Please find the warning message below.
Regards.
The warning message:
"com.appyet.activity.aq;,com.appyet.activity.e;,com.inmobi.commons.analytics.iat.impl.net.AdTrackerWebViewLoader$MyWebViewClient;,com.appyet.activity.aq;,com.appyet.activity.e;,com.inmobi.commons.analytics.iat.impl.net.AdTrackerWebViewLoader$MyWebViewClient;"
Hello Google Play Developer,
Your app(s) listed at the end of this email have an unsafe implementation of the WebViewClient.onReceivedSslError handler. Specifically, the implementation ignores all SSL certificate validation errors, making your app vulnerable to man-in-the-middle attacks. An attacker could change the affected WebView's content, read transmitted data (such as login credentials), and execute code inside the app using JavaScript.
Please address this vulnerability as soon as possible and increment the version number of the upgraded APK. To properly handle SSL certificate validation, change your code to invoke SslErrorHandler.proceed() whenever the certificate presented by the server meets your expectations, and invoke SslErrorHandler.cancel() otherwise.
For more information about the SSL error handler, please see our documentation in the Android Developers Help Center. For other technical questions, you can post to https://www.stackoverflow.com/questions and use the tags “android-security” and “SslErrorHandler.”
To confirm you’ve upgraded correctly, submit the updated version to the Developer Console and check back after five hours. If the app hasn’t been correctly upgraded, we will display a warning.
While these specific issues may not affect every app that uses WebView SSL, it’s best to stay up to date on all security patches. Apps with vulnerabilities that expose users to risk of compromise may be considered dangerous products in violation of the Content Policy and section 4.4 of the Developer Distribution Agreement.
Apps must also comply with the Developer Distribution Agreement and Content Policy. If you have questions or concerns, please contact our support team through the Google Play Developer Help Center.
i received a warning from Google play about "unsafe implementation of the WebViewClient.onReceivedSslError handler". This is caused by Inmobi.
Please find the warning message below.
Regards.
The warning message:
"com.appyet.activity.aq;,com.appyet.activity.e;,com.inmobi.commons.analytics.iat.impl.net.AdTrackerWebViewLoader$MyWebViewClient;,com.appyet.activity.aq;,com.appyet.activity.e;,com.inmobi.commons.analytics.iat.impl.net.AdTrackerWebViewLoader$MyWebViewClient;"
Hello Google Play Developer,
Your app(s) listed at the end of this email have an unsafe implementation of the WebViewClient.onReceivedSslError handler. Specifically, the implementation ignores all SSL certificate validation errors, making your app vulnerable to man-in-the-middle attacks. An attacker could change the affected WebView's content, read transmitted data (such as login credentials), and execute code inside the app using JavaScript.
Please address this vulnerability as soon as possible and increment the version number of the upgraded APK. To properly handle SSL certificate validation, change your code to invoke SslErrorHandler.proceed() whenever the certificate presented by the server meets your expectations, and invoke SslErrorHandler.cancel() otherwise.
For more information about the SSL error handler, please see our documentation in the Android Developers Help Center. For other technical questions, you can post to https://www.stackoverflow.com/questions and use the tags “android-security” and “SslErrorHandler.”
To confirm you’ve upgraded correctly, submit the updated version to the Developer Console and check back after five hours. If the app hasn’t been correctly upgraded, we will display a warning.
While these specific issues may not affect every app that uses WebView SSL, it’s best to stay up to date on all security patches. Apps with vulnerabilities that expose users to risk of compromise may be considered dangerous products in violation of the Content Policy and section 4.4 of the Developer Distribution Agreement.
Apps must also comply with the Developer Distribution Agreement and Content Policy. If you have questions or concerns, please contact our support team through the Google Play Developer Help Center.