-2

I have uploaded my production apk file about one month ago. But, now i am getting a warning on apk section(or Alert section) of my Google play developer console.

Security alert

Your app is statically linking against a version of OpenSSL that has multiple security vulnerabilities. You should update OpenSSL as soon as possible.

The vulnerabilities were addressed in OpenSSL versions beginning with 1.0.1h, 1.0.0m, and 0.9.8za. To confirm your OpenSSL version, you can do a grep via ("$ unzip -p YourApp.apk | strings | grep "OpenSSL""). For more information about the vulnerability, please consult http://www.openssl.org/news/secadv_20140605.txt.

To confirm that you've upgraded correctly, upload the updated version to the Developer Console and check back after five hours.

Please note, while it's unclear whether these specific issues affect your application, applications with vulnerabilities that expose users to risk of compromise may be considered "dangerous products" and subject to removal from Google Play.

How to fix it?Please help me. I am scared by last line.

"may be considered "dangerous products" and subject to removal from Google Play."

Thanks in advance.

SRB Bans
  • 3,096
  • 1
  • 10
  • 21

2 Answers2

1

change the extension of .apk to .zip and Use the serch file for windows and search for the String "openssl" it will show you the exact version of openssl.

0

According to some Google forums, here is what they suggest you do:

(1) You can determine which apps are using OpenSSL via ("$ unzip -p YourApp.apk | strings | grep "OpenSSL"") (2) Please update all statically linked versions of OpenSSL to 1.0.1h, 1.0.0m, or 0.9.8za. (3) If you are using a 3rd party library that bundles OpenSSL, please notify the 3rd party and work with them to address this.

Hope this helps.

Nirmal
  • 1