Unsafe implementation of TrustManager

Question

I'm trying to publish an App on Google Play, but I'm getting an email with this error message: Vulnerability TrustManager, apps containing an unsafe implementation of TrustManager.

To properly handle SSL certificate validation, change your code in the checkServerTrusted method of your custom X509TrustManager interface to raise either CertificateException or IllegalArgumentException whenever the certificate presented by the server does not meet your expectations.

I'm using these libraries in my app: compile 'com.squareup.picasso:picasso:2.5.2' compile 'com.squareup.retrofit2:retrofit:2.0.1' compile 'com.squareup.retrofit2:converter-gson:2.0.0' compile 'com.squareup.okhttp3:okhttp:3.3.1'

Could you give me a cable to solve it, Thanks in advance

Did you check the developer console? That should tell you which classes are being flagged. — Antimony, Jun 07 '16 at 23:05

score 1 · Answer 1 · answered Jun 08 '16 at 19:29

1

I found the problem, it was the PayPal_MPL.jar who blocked the submission on Google Play.

This link allows to solve this problem: https://github.com/paypal/sdk-packages/issues/72

answered Jun 08 '16 at 19:29

zerstoer

95
10

That actually saved my ass the last time - app got approved, thus I have to say "thank you"; this time, with a fixed MPL I am getting the same error and have totally 0 ideas why this is happening. – jujka Aug 10 '16 at 17:08

Unsafe implementation of TrustManager

1 Answers1