0

When I submit new APK to Google Play, my APK is rejected with message:

Vulnerability   APK Version(s)
OpenSSL
The vulnerabilities were fixed in OpenSSL versions beginning with 1.0.1h, 1.0.0m, and 0.9.8za.
To confirm your OpenSSL version, you can do a grep via:

$ unzip -p YourApp.apk | strings | grep "OpenSSL"

I checked my APK, and it using 1.0.1c version of OpenSSL. But from Android 6.0, Google recommends using BoringSSL instead of OpenSSL.

What should I do now?

jww
  • 97,681
  • 90
  • 411
  • 885
giangqaz
  • 95
  • 2
  • 8
  • 1
    *"I checked my APK, and it using 1.0.1c version of OpenSSL..."* - why are you using 1.0.1c? – jww Jun 17 '16 at 07:13
  • 1
    Possible duplicate: [Google Play and OpenSSL warning message](http://stackoverflow.com/q/24197777). – jww Jun 17 '16 at 07:14

1 Answers1

1

According to link, it is enough to update OpenSSL version to the latest. Also, you can use BoringSSL if you want, here and here are useful links.

Alex
  • 617
  • 4
  • 15