2

I got an "onReceivedSslError" error in my Play Console account as in the screenshot. enter image description here

I have handled the onReceivedSslError in all WebViewClients and show the required warning message. Then I sent the version to the market and got approval. The version has been released, but it still says this error is in this version, as seen above, under the version. Why is it showing up even though I applied it to all WebViewClients?

Related document sent: https://support.google.com/faqs/answer/7071387

@Override
        public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
            Utilities.showAlertDialog(getActivity(),
                    "SSL Certificate Error", Utilities.getSslErrorMessage(error.getPrimaryError()),
                    getString(R.string.common_continue),
                    getString(R.string.order_detail_product_cancel),
                    () -> handler.proceed(),
                    () -> {
                        handler.cancel();
                    });
        }


public static String getSslErrorMessage(int primaryErrorCode){
    String message = "SSL Certificate error.";
    switch (primaryErrorCode) {
        case SslError.SSL_UNTRUSTED:
            message = "The certificate authority is not trusted.";
            break;
        case SslError.SSL_EXPIRED:
            message = "The certificate has expired.";
            break;
        case SslError.SSL_IDMISMATCH:
            message = "The certificate Hostname mismatch.";
            break;
        case SslError.SSL_NOTYETVALID:
            message = "The certificate is not yet valid.";
            break;
    }
    message += " Do you want to continue anyway?";
    return message;
}

Edit: The error turned yellow on the Play Console after a while, then it stopped coming at all. And I got an email that the error persists. I don't understand why this is so.

enter image description here

I'm on version 75 right now.

UPDATE II: I was still getting an error because of the webview used in the 3d verification screen in the payment sdk I used. So I asked them to fix the sdk. Right now I can't submit a version to the Play Store without fixing this error. But my existing application is still live with the last version I sent.

Gorkem KARA
  • 173
  • 4
  • 14

1 Answers1

2

Although you have handled the onReceivedSslError in all WebViewClients and shown the required warning message, it is possible that there are still some code paths that are not handled properly.

If you reviewed your code again and made sure that you are handling all possible scenarios in the onReceivedSslError method (including showing the warning message properly), make sure that you disabled SSL/TLS certificate validation.

Could you please post the code snippet in the screenshot, in textual form, to be examined in more detail?

UPDATE (after OP posted code snippet):

While it seems you have correctly implemented the SSL error handling logic in your WebViewClients, it seems that your problem lies in the way your Utilities.showAlertDialog(...) is handling proceed() vs. cancel().

In my working code (also deployed to Google Play, without an issue), my dialog allows clicking "proceed" or "cancel" for all errors, except for SSL_IDMISMATCH which is always handled as "proceed":

        if (error.getPrimaryError() != SslError.SSL_IDMISMATCH) {
            final AlertDialog dialog = builder.create();
            dialog.show();
        }
        else {
            handler.proceed();
        }

Does this help?

UPDATE II (after OP responded that the above did not help):

I am posting here the complete onReceivedSslError(...) that works on Google Play:

@Override
public void onReceivedSslError (WebView view, final SslErrorHandler handler, SslError error) {        
    final AlertDialog.Builder builder = new AlertDialog.Builder(this.mMeWebView.getContext());
    String message;
    switch (error.getPrimaryError()) {
        case SslError.SSL_EXPIRED:
            message = "The certificate has expired.";
            break;
        case SslError.SSL_IDMISMATCH:
            message = "The certificate Hostname mismatch.";
            break;
        case SslError.SSL_NOTYETVALID:
            message = "The certificate is not yet valid.";
            break;
        case SslError.SSL_UNTRUSTED:
            message = "The certificate authority is not trusted.";
            break;
        default:
            message = "Unknown SSL error.";
            break;
    }
    message += " Do you want to continue anyway?";

    builder.setTitle("SSL Certificate Error");
    builder.setMessage(message);
    builder.setPositiveButton("continue", new DialogInterface.OnClickListener() {
        @Override
        public void onClick(DialogInterface dialog, int which) {
            handler.proceed();
        }
    });
    builder.setNegativeButton("cancel", new DialogInterface.OnClickListener() {
        @Override
        public void onClick(DialogInterface dialog, int which) {
            handler.cancel();
        }
    });
    if (error.getPrimaryError() != SslError.SSL_IDMISMATCH) {
        final AlertDialog dialog = builder.create();
        dialog.show();
    }
    else {
        handler.proceed();
    }
}

It is not pretty as yours (Java8+ guidelines) but it works.

Introspective
  • 554
  • 2
  • 5
  • 13
  • 1
    Hi, I searched as WebviewClient and I definitely used this method in all the places I used it. I shared the codes about the method in my post again, you can check it out. And the error that appears in the first picture does not appear. I guess it took time to reach all users. But yesterday I released the version and I received an e-mail again saying that if this error persists, your application will be removed on June 22. Why can't the Play Console team provide full clear information on these issues? I was skeptical as to whether the error persists. – Gorkem KARA May 30 '23 at 07:58
  • 1
    @GorkemKARA Based on your code snippet, I posted an update to my answer. HTH. – Introspective May 31 '23 at 10:33
  • 1
    I made the edit as you said and I got an error again in the new package. I don't understand why the error is still coming. – Gorkem KARA Jun 06 '23 at 11:27
  • @GorkemKARA I just posted the complete `onReceivedSslError(...)` that works on Google Play. It is not pretty as yours (Java8+ guidelines) but it works. Please let me know if this works for you. – Introspective Jun 09 '23 at 07:01
  • Hi, I posted an update, you can check it out. Thank you for your help and effort. @Introspective – Gorkem KARA Jul 03 '23 at 10:51
  • @GorkemKARA According to Google, the aforementioned error existed in Android WebView version `91.0.4472.120` but it was fixed in Android WebView version `91.0.4472.121`. The buggy version (91.0.4472.120) corresponds to to `androidx.webkit` version `1.4.0`. I am already using androidx.webkit version `1.7.0`, so I think you can upgrade without waiting for Google's fix. Does this help? – Introspective Jul 03 '23 at 19:33