-1

My Android APK has been deleted from the Google Play Store due to a security issue: TrustManager and HostnameVerifier. After receiving the first message from Google (see screen capture), I noticed that the apk version was apk 5. I have removed the following code, which was related to TrustManager and HostnameVerifier, from my project:

@SuppressLint("TrulyRandom")
public static void handleSSLHandshake() {
    try {
        TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }

            @Override
            public void checkClientTrusted(X509Certificate[] certs, String authType) {
            }

            @Override
            public void checkServerTrusted(X509Certificate[] certs, String authType) {
            }
        }};

        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, new SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String arg0, SSLSession arg1) {
                return true;
            }
        });
    } catch (Exception ignored) {
    }
}

and I have submitted an update, but Google is still rejecting my update. The problem is, I always get a message related to apk version 5 with the same security issue, yet my last update attempt is apk version 18.

Any idea?

Screenshot of message when app deleted

Screenshot of the last message from Google related to my last update
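For comparison with the trust-all code in the question, here is an added example (not code from the original post) of a hardened form that validates the server certificate against one specific CA and leaves the platform's default hostname verification in place. It assumes the original code existed to reach a server whose certificate is issued by a private or self-signed CA; the class name `PinnedCaConnections` and the `caStream` parameter are hypothetical.

```java
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper: trusts exactly one CA instead of accepting every certificate.
public final class PinnedCaConnections {
    private final SSLContext sslContext;

    // caStream: the CA certificate (PEM or DER), assumed to ship with the app,
    // for example as a raw resource.
    public PinnedCaConnections(InputStream caStream) throws Exception {
        Certificate ca = CertificateFactory.getInstance("X.509")
                .generateCertificate(caStream);

        // Key store that contains only the CA this app is meant to trust.
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setCertificateEntry("ca", ca);

        // The platform TrustManager performs real chain validation against
        // that key store, unlike an empty checkServerTrusted().
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);

        sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, tmf.getTrustManagers(), null);
    }

    // Opens an HTTPS connection that uses the restricted trust store.
    public HttpsURLConnection open(URL url) throws Exception {
        if (!"https".equalsIgnoreCase(url.getProtocol())) {
            throw new IllegalArgumentException("HTTPS URL required: " + url);
        }
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        // Scoped to this connection only: no setDefaultSSLSocketFactory() and
        // no custom HostnameVerifier, so hostname checks stay enabled.
        conn.setSSLSocketFactory(sslContext.getSocketFactory());
        return conn;
    }
}
```

A certificate that does not chain to the bundled CA, or that does not match the requested host name, makes the TLS handshake fail with an `SSLHandshakeException` instead of being silently accepted.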

2 Answers

0

Have you signed your APK with the same key as the previous APK?

Wowo Ot
0

I received an email from the Google team, and it seems that I had an apk version code 5 in the internal test section. It was active even though that apk was labeled "deactivated", and that is why my update in the production section wasn't validated. So here is what I did:

  1. Upload an update apk to the internal test section. That will deactivate the apk version code 5.
  2. When that update went well, my last update attempt in the production section was automatically validated.