Questions tagged [android-security]

Tag used by Android in Security Alert messages to developers. The Security Alert message is often accompanied by a Google Play rejection. AOSP instructions state to tag a question with it.

656 questions
5 votes, 1 answer

Android how to hide or protect from URL link in source code

I used a URL link in my app to send and receive data from the server. If somebody decompiles my APK file and gets the source, they can use the URL and send spam or buy things without paying! Now how can I protect URL links? This is a sample of a request to the server that I…
john
5 votes, 1 answer

How to set key size for KeyPairGeneratorSpec on API 18?

Android Keystore (with KeyPairGeneratorSpec etc) was introduced in API level 18. However, the method KeyPairGeneratorSpec.Builder.setKeySize() was only introduced in API level 19. While supporting API level 18 (Android 4.3), is it possible to set…
Jonik
5 votes, 0 answers

Invoking the in-app billing service without setting a target package for the intent

I just received an email from Google Play stating: "We detected that your app(s) listed at the end of this email are invoking the in-app billing service without setting a target package for the intent. This can enable a malicious package to bypass…
kashif789us
5 votes, 1 answer

Unsafe implementation of the interface X509TrustManager - Google Play Services

First off, I should say, I'm mainly a PHP developer. I have a relatively aged app on Google Play that was built targeting API 15 back at the end of 2012. Have reviewed others' questions here relating to the unsafe implementation of the interface…
Joe
4 votes, 1 answer

Link to a working webRTC library for Android

Google Play has had a new error/warning for the last few days about the WebRTC library that I use. I have used this library for almost a year: google-webrtc-1.0.32006.aar. My app is still available but they ask to update the library, which usually means that…
kfir
4 votes, 0 answers

Android Security Vulnerability - Intent Redirection in Fragment Activity OnActivityResult

Recently, my app update got rejected due to the security vulnerability INTENT REDIRECTION, as per Google Play Console - Security Alerts. Following is the error: Your app contains an Intent Redirection vulnerability. Please see this Google Help…
4 votes, 1 answer

Unable to trace the origin of intent redirection vulnerability issue

I understand what an intent redirection vulnerability issue is. I am also aware of the solutions. But I am having trouble finding the origin of this issue. Play Console is reporting that the error lies here…
Rijo Kuriakose
4 votes, 1 answer

What path to put executable to run on Android 29?

My Android app includes a set of executables that are extracted to the app directory (/data/data/%package%/) on the first run. It worked just fine if targeted to Android 28 (targetSdkVersion). Since November 2, 2020 it is not allowed in Google Play and all…
4ntoine
4 votes, 2 answers

Android App Vulnerability - HostnameVerifier, not anywhere in codebase

After submission to the Google Play Store I receive an email notification telling me my APK is using an unsafe implementation of the HostnameVerifier interface. I can't find anywhere where I'm using HostnameVerifier in the code at all, so am unable…
yorkie1990
4 votes, 2 answers

Unsafe implementation of the HostnameVerifier interface related to PayPal android

I never use HostNameVerifier in my application, but Google is still sending mail and has fixed a deadline, and I need a suggestion for this question. I got an alert in Google Play Console (find it below); it's related to PayPal. I didn't find these classes in my…
vedasai
4 votes, 2 answers

If I store a private key inside KeyStore from app A, is it possible to retrieve that same key from app B?

I'm working on an Android multi module (multiple apps) project and encountered a use case where I have to save some secret information that could be accessed by all these apps. My idea is to encrypt the secret information using a private key that is…
4 votes, 0 answers

angular-sanitize and angular-cookies CVE warnings in google play console

Google Play Console now has a list of potentially vulnerable JavaScript libraries for each app. https://support.google.com/faqs/answer/9464300 However, I am not able to find the related CVE for a couple of the libraries that it has flagged.…
Shankari
4 votes, 0 answers

Google Play Cross App Scripting Vulnerability: How do I protect calls to evaluateJavascript?

My app is caught up in Google's Cross App Scripting security warning and I can't seem to get a version of the app that doesn't trigger Google's warning. The majority of the functionality is a WebView wrapper for a web app. That's where the warning…
4 votes, 2 answers

java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. on API less than 24

com.android.volley.NoConnectionError: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. I got this error in logcat on API from 19 to 24 and there is no data loading…
4 votes, 0 answers

Google play store rejected application due to SSL Error Handler code

Hi all, Google Play Store rejected my application because the code below is in my application. Check sakiM's answer. @Override public void onReceivedSslError(WebView view, final SslErrorHandler handler, SslError error) { final AlertDialog.Builder…
Mr X