I have submitted my application to the Play Store and it is rejected with the following errors:

Your app contains unsafe cryptographic encryption patterns. Please see this Google Help Center article for details.

androidx.transition.u.P

I have searched on Google but found nothing appropriate. My application is basically a dialer application, not SMS, which has functionality like call block and dial call.

From this solution "Your app contains unsafe cryptographic encryption patterns" - How I can get rid of this warning?

I am using encryption as below:

    // Fragment of the encryption method; the static fields it reads are not shown in the post.
    // The key is derived from two BuildConfig constants compiled into the app.
    SecretKeySpec skeySpec = new SecretKeySpec(getRaw(BuildConfig.PLAIN_TEXT_NAME, BuildConfig.AESSALT_NAME), "AES");
    Cipher cipher = Cipher.getInstance(cypherInstance);
    // The IV comes from a static string as well.
    cipher.init(Cipher.ENCRYPT_MODE, skeySpec, new IvParameterSpec(initializationVector.getBytes()));
    byte[] encrypted = cipher.doFinal(textToEncrypt.getBytes());
    return Base64.encodeToString(encrypted, Base64.DEFAULT);

    // Derives the raw AES key bytes from a password and a salt.
    private static byte[] getRaw(String plainText, String salt) {
        try {
            SecretKeyFactory factory = SecretKeyFactory.getInstance(secretKeyInstance);
            KeySpec spec = new PBEKeySpec(plainText.toCharArray(), salt.getBytes(), pswdIterations, keySize);
            return factory.generateSecret(spec).getEncoded();
        } catch (InvalidKeySpecException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
        // Reached only when key derivation failed.
        return new byte[0];
    }

I have taken all values in static variables. Is that the issue?

D.J
  • Do you use these methods to encrypt different things? "Hardcoded" salt is the first bet, you should have different salts per different encryption operations instead of using BuildConfig fields. – bmaciejm Mar 01 '23 at 10:36

0 Answers