CODEWITHSUNDEEP
androidsslssl-certificateandroid-volleyandroid-security
rogerio
rogerio

Reputation: 1

HostNameVerifier Play Store Android

I'm having trouble submitting my app. I've already done the Volley settings as below, but the Play Store shows up for rejection.

HostnameVerifier

Your app (s) are using an unsafe implementation of the HostnameVerifier interface. You can find more information about how to solve the issue in this Google Help Center article.

    RequestQueue queue = Volley.newRequestQueue(Services.this, new HurlStack(null, newSslSocketFactory()));
        // Request a string response from the provided URL.

        try {
            final ProgressDialog pDialog = new ProgressDialog(Services.this);
            pDialog.setMessage("Wainting ...");
            pDialog.show();

            String url = "https://sitesecurity.com";
                 StringRequest stringRequest = new StringRequest(Request.Method.POST, url, new Response.Listener<String>(){
                @Override
                public void onResponse(String response) {
}



     private SSLSocketFactory newSslSocketFactory() {
            try {
                HttpsURLConnection.setDefaultHostnameVerifier(new HttpsTrustManager());
                SSLContext context = SSLContext.getInstance("TLS");
                context.init(null, new X509TrustManager[]{new DadosConsultaPerto.NullX509TrustManager()}, new SecureRandom());
                HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
                SSLSocketFactory sf = context.getSocketFactory();
                return sf;
            } catch (Exception e) {
                throw new AssertionError(e);
            }
        }

I tried several methods but the error persists.

Vulnerability APK Version(s) Past Due Date HostnameVerifier

Your app(s) are using an unsafe implementation of the HostnameVerifier interface. You can find more information about how resolve the issue in this Google Help Center article. 5 March 01, 2017

Upvotes: 0

Views: 1994

Answers (2)

Antonio Karanfiloski
Antonio Karanfiloski

Reputation: 39

First select apk version and in Alerts (pre-launch report), select security and trust and in details you will find affected class.

Upvotes: 0

CommonsWare
CommonsWare

Reputation: 1007099

Delete newSslSocketFactory() and stop referring to it in your HurlStack constructor call. That is where you are using HostnameVerifier in a way that is completely insecure.

My guess is that your HttpsTrustManager is this one, which is also completely insecure and will cause your app to be banned from the Play Store. Deleting newSslSocketFactory() will solve that problem as well.

Upvotes: 1

Related Questions