user3796467

Reputation: 57

What is the best practice to deal with Google Play Store Security Alert?

I have received the following error from Google Play developer console: "Please address this vulnerability as soon as possible and increment the version number of the upgraded APK. To properly handle SSL certificate validation, change your code to invoke SslErrorHandler.proceed() whenever the certificate presented by the server meets your expectations, and invoke SslErrorHandler.cancel() otherwise."

I guess the issue is caused by my implementation of "onReceivedSslError()". I always proceed with "handler.proceed()" without any checking.

I would like to know what the best practice is for dealing with SSL errors. And if I do some domain checking, will Google Play still show me such an alert?

Thanks in advance.

Upvotes: 4

Views: 411

Answers (1)

Antimony

Reputation: 39451

You should just remove your onReceivedSslError implementation and use the default behavior, which is to cancel.

The best practice is to treat it like you couldn't connect to the server. Most people have no reason to override certificate checking at all.

Upvotes: 1
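An added example, not code from the question or the answer: the override pattern described in the question next to a client that always cancels and reports the failure as a connection error, as the answer recommends. The class names and the ConnectionFailedListener interface are hypothetical; the android.webkit and android.net.http calls are the platform's own.

```java
import android.net.http.SslError;
import android.util.Log;
import android.webkit.SslErrorHandler;
import android.webkit.WebView;
import android.webkit.WebViewClient;

// Pattern from the question: every certificate error is accepted.
class AcceptAllClient extends WebViewClient {
    @Override
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        handler.proceed(); // expired, mismatched and untrusted certificates all load
    }
}

// Hypothetical callback so the app can show its normal "could not connect" UI.
interface ConnectionFailedListener {
    void onConnectionFailed(String url, String reason);
}

// Hardened form: never proceed; handle the error like an unreachable server.
class StrictClient extends WebViewClient {
    private static final String TAG = "StrictClient";
    private final ConnectionFailedListener listener;

    StrictClient(ConnectionFailedListener listener) {
        this.listener = listener;
    }

    @Override
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        handler.cancel(); // same outcome as the default implementation
        String reason = describe(error);
        Log.w(TAG, "TLS validation failed (" + reason + ") for " + error.getUrl());
        listener.onConnectionFailed(error.getUrl(), reason);
    }

    // Maps the most severe error in the set to a short reason for logs.
    private static String describe(SslError error) {
        switch (error.getPrimaryError()) {
            case SslError.SSL_NOTYETVALID: return "certificate not yet valid";
            case SslError.SSL_EXPIRED:     return "certificate expired";
            case SslError.SSL_IDMISMATCH:  return "hostname mismatch";
            case SslError.SSL_UNTRUSTED:   return "untrusted issuer";
            case SslError.SSL_DATE_INVALID: return "invalid certificate date";
            default:                       return "invalid certificate";
        }
    }
}
```

If the app needs no logging or custom error UI, deleting the override entirely gives the same cancel behaviour.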
