asish rauto

Reputation: 637

Google rejected app because of HostnameVerifier issue

I updated my app to trust all certificates in Volley for SDK 17 and below, as Volley works fine without a hostname verifier on higher SDKs. It worked fine, but Google rejected my app update, saying:

Your app(s) are using an unsafe implementation of the HostnameVerifier interface.

I am using the following code:

import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

// Trust manager that accepts every certificate chain (the accept-all TrustManager the Play Store check flags)
TrustManager[] trustAllCertsc = new TrustManager[] { new X509TrustManager() {
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        // The interface contract requires a non-null array; an empty one avoids NPEs in some TLS stacks
        return new X509Certificate[0];
    }

    @Override
    public void checkClientTrusted(X509Certificate[] certs, String authType) {
        // No validation performed
    }

    @Override
    public void checkServerTrusted(X509Certificate[] certs, String authType) {
        // No validation performed
    }
} };

SSLContext scc = null;
try {
    scc = SSLContext.getInstance("SSL");
    scc.init(null, trustAllCertsc, new SecureRandom());
} catch (NoSuchAlgorithmException | KeyManagementException e) {
    e.printStackTrace();
}
// Installs the all-trusting socket factory for every HttpsURLConnection in the process
HttpsURLConnection.setDefaultSSLSocketFactory(scc.getSocketFactory());

// Create all-trusting host name verifier (the HostnameVerifier implementation Google rejected)
HostnameVerifier allHostsValidc = new HostnameVerifier() {
    @Override
    public boolean verify(String hostname, SSLSession session) {
        return true;
    }
};
// Install the all-trusting host verifier process-wide
HttpsURLConnection.setDefaultHostnameVerifier(allHostsValidc);

Upvotes: 0

Views: 2845

Answers (2)

Machado

Reputation: 14489

I wouldn't recommend continuing development on your app with insecure HTTP requests.

However, if you don't care about security at all, you can use the following code instead to work with Volley and get approved on the Play Store:

import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

// Installs an accept-all TrustManager process-wide; no HostnameVerifier is overridden
private static void disableSSLCertificateChecking() {
    TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The interface contract requires a non-null array
            return new X509Certificate[0];
        }

        @Override
        public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
            // Not implemented
        }

        @Override
        public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
            // Not implemented
        }
    }};

    try {
        SSLContext sc = SSLContext.getInstance("TLS");

        sc.init(null, trustAllCerts, new SecureRandom());

        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    } catch (KeyManagementException e) {
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    }
}

Upvotes: -1

CommonsWare

Reputation: 1007099

Delete all of that code. You will fail multiple Play Store checks (HostnameVerifier and an accept-all TrustManager). Plus, the reason the Play Store is rejecting your app is that, through this code, you are weakening app security.

Upvotes: 2
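What the alternative to the rejected code looks like, as an added example that is not from any of the answers above: instead of a trust-all TrustManager and an all-hosts HostnameVerifier, load the one CA the app actually needs into its own KeyStore, let the platform build a real X509TrustManager over it, and hand the resulting socket factory only to Volley's HurlStack, leaving the default hostname verification untouched. The class name `PinnedVolley` and the raw resource holding the CA certificate are assumptions; `HurlStack(UrlRewriter, SSLSocketFactory)` and `Volley.newRequestQueue(Context, stack)` are Volley's own APIs.

```java
import android.content.Context;
import com.android.volley.RequestQueue;
import com.android.volley.toolbox.HurlStack;
import com.android.volley.toolbox.Volley;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/**
 * Builds a Volley queue whose TLS connections trust only the CA bundled with the app.
 * Chain validation is done by the platform's X509TrustManager and hostname verification
 * stays at HttpsURLConnection's default, so neither Play Store check is triggered.
 * (Class name and resource are assumptions for this example.)
 */
public final class PinnedVolley {
    private PinnedVolley() {}

    public static RequestQueue newQueue(Context ctx, int caRawResId) throws Exception {
        // 1. Parse the CA certificate (PEM or DER) shipped in res/raw.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate ca;
        try (InputStream in = ctx.getResources().openRawResource(caRawResId)) {
            ca = cf.generateCertificate(in);
        }

        // 2. Put it in an empty in-memory KeyStore: this, not the system store, is the trust root.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        ks.setCertificateEntry("ca", ca);

        // 3. Let the platform build a real, validating X509TrustManager over that store.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);

        // 4. TLS context that validates chains against the pinned CA; "TLS", never trust-all.
        SSLContext tls = SSLContext.getInstance("TLS");
        tls.init(null, tmf.getTrustManagers(), null);

        // 5. Scope the factory to this Volley stack only: no process-wide setDefault* calls,
        //    and no HostnameVerifier override, so the default host check remains in force.
        HurlStack stack = new HurlStack(null, tls.getSocketFactory());
        return Volley.newRequestQueue(ctx, stack);
    }
}
```

If the server uses a publicly trusted CA, none of this is needed: the platform defaults already validate the chain and the hostname, and the rejected code only removed those checks.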
