Reputation: 11
Google Play Warning: SSL Error Handler Vulnerability
In my Android application, I use the Deezer SDK to play tracks. I recently received an email from Google with the following subject : "Google Play Warning: SSL Error Handler Vulnerability". In this email, Google explains that my app has an ["unsafe implementation of the WebViewClient.onReceivedSslError handler. Specifically, the implementation ignores all SSL certificate validation errors, making your app vulnerable to man-in-the-middle attacks. An attacker could change the affected WebView's content, read transmitted data (such as login credentials), and execute code inside the app using JavaScript."]
At the end of the email, the affected class is mentioned : com.deezer.sdk.network.connect.Blues$Blues;
The Deezer SDK version I use is 0.10.17.
Does the 0.10.19 version solve this vulnerability issue ? There is nothing about that in the assiocated Release Notes.
Upvotes: 1
Views: 2962
Answers (1)
Related Questions
- Google Play Warning: WebViewClient.onReceivedSslError handler
- android Google Play Warning: SSL Error Handler Vulnerability
- How to fix the Google Play Warning: SSL Error Handler Vulnerability
- Google Play Warning: How to fix incorrect implementation of HostnameVerifier
- Google Play Warning: How to fix incorrect implementation of HostnameVerifier?
- SSL Warning from google play
- Google Play Warning: SSL Error Handler Vulnerability have a False Positive for WebViewClient.onReceivedSslErrorHandler SSL
- Codenameone Google Play Warning: SSL Error Handler Vulnerability
- Google Play Warning: WebViewClient.onReceivedSslError handler
- Google Play and OpenSSL vulnerability warning