The app was fine until recently, when we started getting mails from Google about a TrustManager vulnerability. We don't use TrustManager directly, so the only possibility is that it comes from those dependencies. We did a quick search for places that contain 'TrustManager' and it returned many.
According to Google, we should fix it as described below. How can we customize that code in our Flutter project?
To properly handle SSL certificate validation, change your code in the checkServerTrusted method of your custom X509TrustManager interface to raise either CertificateException or IllegalArgumentException whenever the certificate presented by the server does not meet your expectations. In particular, please be aware of the following pitfalls:
Ensure that the Exceptions raised by checkServerTrusted are not caught within the method. This would cause checkServerTrusted to exit normally, leading the app to trust a harmful certificate. Do not use checkValidity for purposes of vetting the server certificate. checkValidity checks if a certificate is unexpired, and cannot tell if a certificate should not be trusted.
Upvotes: 0
Views: 486