
I am using Vitamio version 5.0.0 for my app on Google Play. Today I got a mail from Google. It says "Google Play warning: You are using a vulnerable version of OpenSSL"

Hello Google Play Developer,

Your app(s) listed at the end of this email utilize a version of OpenSSL that contains one or more security vulnerabilities. If you have more than 20 affected apps in your account, please check the Developer Console for a full list.

Please migrate your app(s) to OpenSSL 1.02f/1.01r or higher as soon as possible and increment the version number of the upgraded APK. Beginning July 11, 2016, Google Play will block publishing of any new apps or updates that use older versions of OpenSSL. If you’re using a 3rd party library that bundles OpenSSL, you’ll need to upgrade it to a version that bundles OpenSSL 1.02f/1.01r or higher.

The vulnerabilities were addressed in OpenSSL 1.02f/1.01r. The latest versions of OpenSSL can be downloaded here. To confirm your OpenSSL version, you can do a grep search for ($ unzip -p YourApp.apk | strings | grep "OpenSSL").

To confirm you’ve upgraded correctly, submit the updated version to the Developer Console and check back after five hours. If the app hasn’t been correctly upgraded, we will display a warning.

The vulnerabilities include "logjam" and CVE-2015-3194. The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection. Details about other vulnerabilities are available here. For other technical questions, you can post to Stack Overflow and use the tags “android-security” and “OpenSSL.”

While these specific issues may not affect every app that uses OpenSSL, it’s best to stay up to date on all security patches. Apps with vulnerabilities that expose users to risk of compromise may be considered in violation of our Malicious Behavior policy and section 4.4 of the Developer Distribution Agreement.

Apps must also comply with the Developer Distribution Agreement and Developer Program Policies. If you feel we have sent this warning in error, contact our policy support team through the Google Play Developer Help Center.

Regards,

The Google Play Team

jww
Kadri
  • 2
    what is the question? – Alexandru C. Apr 01 '16 at 08:12
  • The question is "What can we do in this case?" I appeal to the Vitamio authorities here... Vitamio 5.0.0 has an OpenSSL problem. Google says that. – Kadri Apr 01 '16 at 12:30
  • Possible duplicate of [Google Play and OpenSSL warning message](http://stackoverflow.com/questions/24197777/google-play-and-openssl-warning-message). If you want to appeal to Vitamio, then you need to contact them directly. Their website is at [http://www.vitamio.org](https://www.vitamio.org). Stack Overflow and Vitamio are not affiliated, as far as I know. – jww Apr 01 '16 at 18:48
  • Not a duplicate, they are not the same. I sent mail to Vitamio directly but I don't have any response, and I want to search for another solution! – Kadri Apr 04 '16 at 12:12
  • let me know if you find any solution : ) – Salman Ashraf Apr 13 '16 at 15:20
  • 1
    Okay @SalmanAshraf, if I find a solution I will write it here :) – Kadri Apr 14 '16 at 07:53
  • @Kadri please share solution – Florida Apr 17 '16 at 07:43
  • 1
    Yes @Florida, if you found. I will share the solution... – Kadri Apr 18 '16 at 08:20

0 Answers
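The `unzip | strings | grep` check from the quoted email, extended to show which file inside the APK carries each OpenSSL banner and whether it meets the stated minimum (an added example, not part of the original post or of Google's email). It reads the email's "1.02f/1.01r" as OpenSSL 1.0.2f and 1.0.1r; the names `scan_apk` and `is_patched` are chosen here.

```python
import re
import zipfile

# Minimum fixed releases named in the email, read as 1.0.2f and 1.0.1r.
MIN_FIXED = {(1, 0, 2): "f", (1, 0, 1): "r"}

# Matches the banner embedded in libcrypto/libssl, e.g. "OpenSSL 1.0.1h 5 Jun 2014".
BANNER = re.compile(rb"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*)")


def is_patched(version):
    """True if (major, minor, fix, letters) meets the email's threshold."""
    branch, letters = version[:3], version[3]
    if branch in MIN_FIXED:
        # Patch letters sort lexicographically: "" < "a" < ... < "z" < "za".
        return letters >= MIN_FIXED[branch]
    # Assumption: branches newer than 1.0.2 count as "or higher";
    # older branches (1.0.0, 0.9.8) fall below both thresholds.
    return branch > (1, 0, 2)


def scan_apk(apk_path):
    """Return {entry name: sorted list of (version string, patched?)}."""
    findings = {}
    with zipfile.ZipFile(apk_path) as apk:
        for name in apk.namelist():
            data = apk.read(name)
            seen = set()
            for m in BANNER.finditer(data):
                ver = (int(m[1]), int(m[2]), int(m[3]), m[4].decode())
                seen.add(ver)
            if seen:
                findings[name] = [
                    ("%d.%d.%d%s" % v, is_patched(v)) for v in sorted(seen)
                ]
    return findings


if __name__ == "__main__":
    import sys
    for entry, versions in scan_apk(sys.argv[1]).items():
        for text, ok in versions:
            print(f"{entry}: OpenSSL {text} -> {'ok' if ok else 'VULNERABLE'}")
```

A hit inside a third-party `.so` means the fix has to come from that library's vendor or from rebuilding it against a patched OpenSSL; changing only the app's own code will not clear the banner.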