0

Everything is in the title, Google complains about a version of libpng in my apk that contains a security risk. But I don't include that library myself. I guess it is one of my included dependencies that includes it but I don't know how to find it.

Here is the content of my dependencies section of my gradle module:

dependencies {
    compile fileTree(include: ['*.jar'], dir: 'libs')
    testCompile 'junit:junit:4.12'
    compile('com.google.http-client:google-http-client-gson:1.21.0') {
        exclude module: 'xpp3'
        exclude group: 'stax'
    }
    compile 'com.android.support:appcompat-v7:24.2.0'
    compile 'com.android.support:design:24.2.0'
    compile 'com.facebook.android:facebook-android-sdk:4.9.0'
    compile 'com.google.android.gms:play-services-auth:9.4.0'
    compile 'com.octo.android.robospice:robospice:1.4.14'
    compile 'com.octo.android.robospice:robospice-google-http-client:1.4.14'
    compile 'org.lucasr.twowayview:twowayview:0.1.4'
    compile 'com.github.neopixl:PixlUI:v1.0.6'
    compile 'com.github.bluejamesbond:textjustify-android:2.1.6'
    compile('com.crashlytics.sdk.android:crashlytics:2.6.0@aar') {
        transitive = true;
    }
    compile 'com.fernandocejas:arrow:1.0.0'
    compile 'com.flurry.android:analytics:6.4.0'
    compile project(':sdktools')
}

sdktools here refers to Scout (Skobbler Scout, native offline map viewer tools)

Also, not listed here but i also include universal image loader v1.9.5 in my libs directory.

So to summarize, my questions are : how to find which of my dependencies includes an old version of libpng ? Or do you know based on this dependencies structure which of them includes it ?

jav974
  • 1,022
  • 10
  • 22
  • 1
    Have you tried running strings on all your elf files and grepping for libpng? – Antimony Sep 13 '16 at 01:07
  • yes and no occurence found – jav974 Sep 13 '16 at 12:59
  • oh wait i didn't try grep and i found out the issue afterwards !! it is the sdktools project. thanks a lot – jav974 Sep 13 '16 at 13:35
  • @jav974 how did you solve this issue ? I am also working on an app using Skobbler maps and the app got rejected. – anemo Sep 30 '16 at 06:32
  • @SumitAnantwar read this thread http://forum.skobbler.com/showthread.php/7631-Android-Google-Play-Developer-libpng-warning there is the download link for latest v3 patch – jav974 Oct 01 '16 at 18:36
  • @jav974, Thanks a lot! – anemo Oct 06 '16 at 15:58
  • @jav974 could you perhaps create a deteailed answer of your solution ? I too am struggling with this issue and unfortunately, I do not understand "running strings on all your elf files and grepping for libpng" and wish you could please explain your solution better ? Thanks ! – Janpan Oct 18 '16 at 19:23

1 Answers1

4

Here is the way to find which library in your apk is using libpng:

On Mac:

  1. Rename your .apk file to .zip file.
  2. Unzip the renamed .zip file.
  3. Run below command in root directory of your unzipped apk (note the '.' or '*' at end of the command) e.g.

MyApkRootDirectory$ grep -r --text "libpng" .

OR

MyApkRootDirectory$ grep -r --text "libpng" *

-r: Tells grep to perform its search recursively

--text: Process a binary file as if it were text; this is equivalent to the --binary-files=text option.

If you want to highlight the matching text for easy viewing (to see libpng version), give --color option also.

You can refer this link for more info about grep: http://www.computerhope.com/unix/ugrep.htm

deepak4bin
  • 810
  • 9
  • 13