Reputation: 11
How to fix game made with Unity 3D Android X509TrustManager rejected by google play?
I have made a game in Unity 3D 2019.2 Android and I have sent it to Google Play, I got this message,
Your app has a Security alert because is using an unsafe implementation of the X509TrustManager interface with an Apache HTTP client, resulting in a security vulnerability.
Please, I would be very grateful if you can you be so kind to help me in some way, to know where the X509TrustManager is inside Unity, where is it used in my project in Unity, and how to fix it, or where is it to modify it.
I have already searched a few hours over the internet any relation between Unity with X509TrustManager and Unity and have not been able to find any possible solution.
I use Split by architecture in Unity to build multiple APKs I do not have any custom Android Manifest, it is built by Unity when the build is made.
I am not using any SSL certificate or using Trustmanager in any way as far as I know. I do not use any kind of plugins and do not have any kind of in-app purchase. I do not collect any user data and do not connect to the internet as far as I know
I do not have installed the Google Play plugin, I only have the Unity PlayServicesResolver
Google told me to look at this reference, but I have no idea about this and I am using Unity and do not know where is this
It seems that it has any relation with java, but I have no idea about java, and I do not have any java files in my project, although I know that is used have to build the project in Unity for Android.
I expected to find some documentation about where or how is used the X509Trustmanager inside Unity to configure it but do not know where is it
Please, I would be very grateful if you can be so kind as to help me in some way.
Thanks very much for any possible help
Upvotes: 1
Views: 655
Answers (1)
Reputation: 5788
As you mentioned, the might be in Java. It's using deprecated HTTP Apache for network call, and probably, default self signed CA. You could use deprecated source with setting in the Gradle, to use legacy library. But this will not resolve the problem.
Instead, you need to move to the Default HTTP UrlConnection, which is already tight to CA inside the system. This is also described in the Android Documentation. But as far, as you are using Unity, you are not handling it. So I think this question should be raised to the Unity support. At other hand, I deprecated for a long time, and I think Unity support should describe a way to resolve it already.
Upvotes: 1
Related Questions
- Unsafe implementation of the interface X509TrustManager - Google Play
- How to fix unsafe implementation of X509TrustManager in Android app
- Google Play Rejects My App For Unsafe Cryptographic Encryption Patterns
- Cannot update Unity game due to APK signing process of Google Play Console
- Unity unable to publish to Play Console - Invalid app signature
- Unity Google Play Games Plugin: ERROR NOT AUTHORIZED CODE 13
- unity google play app signing issue and keystore
- Android X509TrustManager app rejected google play
- Unsafe implementation of the interface X509TrustManager - Google Play Services
- Android signed app crashing. Worked before sign