
Google Play security alert for insecure TrustManager


In one of my apps I'm using HTTPS with a self-signed certificate and followed the sample code from the Android developer training site (https://developer.android.com/training/articles/security-ssl.html#UnknownCa).

I recently got the following alert saying that the current implementation is not secured:

Security alert

Your app is using an unsafe implementation of the X509TrustManager interface with an Apache HTTP client, resulting in a security vulnerability. Please see this Google Help Center article for details, including the deadline for fixing the vulnerability.

Can someone provide more details on what should be updated beyond the sample code linked above?

Should I implement a custom TrustManager? If so, what should it verify?

Muzikant asked Feb 17 '16 19:02


2 Answers

Try searching for "TrustManager" in your code. If none is found, in most cases it is because of included third-party libraries.

For me it was because of using an older version of ACRA (https://github.com/ACRA/acra).

Rejinderi answered Sep 16 '22 16:09
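The search suggested in the answer above can go one step further than a grep for "TrustManager". The following is an added example, not code from the original post or from any library named on this page: a Python heuristic that flags `checkServerTrusted` implementations in Java source that neither throw nor delegate to another trust manager. That this is what the alert means by "unsafe" is an assumption, and `find_trust_all`, `scan_tree` and the sample classes are constructed for illustration.

```python
import re
from pathlib import Path

COMMENT = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)
METHOD = re.compile(r"\bvoid\s+checkServerTrusted\s*\([^)]*\)[^{;]*\{")

def find_trust_all(source):
    """Return line numbers of checkServerTrusted bodies that can never reject a chain."""
    # Blank out comments but keep newlines so reported line numbers stay correct.
    text = COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), source)
    findings = []
    for m in METHOD.finditer(text):
        depth, end = 1, m.end()
        while end < len(text) and depth:          # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(text[end], 0)
            end += 1
        body = text[m.end():end - 1]
        rejects = re.search(r"\bthrow\b", body)
        delegates = re.search(r"\.\s*checkServerTrusted\s*\(", body)
        if not (rejects or delegates):
            findings.append(text.count("\n", 0, m.start()) + 1)
    return findings

def scan_tree(root):
    """Map each .java file under root (own or decompiled code) to its findings."""
    hits = {}
    for path in Path(root).rglob("*.java"):
        lines = find_trust_all(path.read_text(errors="replace"))
        if lines:
            hits[str(path)] = lines
    return hits

# Constructed sample input, not taken from ACRA, Mobilecore or any real library.
SAMPLE = """\
class TrustAll implements X509TrustManager {
    public void checkClientTrusted(X509Certificate[] c, String a) {}
    public void checkServerTrusted(X509Certificate[] c, String a) {
        // throw new CertificateException(); -- disabled for testing
    }
    public X509Certificate[] getAcceptedIssuers() { return null; }
}
class Delegating implements X509TrustManager {
    private final X509TrustManager platform;
    public void checkServerTrusted(X509Certificate[] c, String a)
            throws CertificateException {
        platform.checkServerTrusted(c, a);
    }
}
"""
```

Third-party libraries ship compiled, so point `scan_tree` at decompiled sources as well as your own. String literals containing braces or `//` can skew the heuristic, so treat each finding as a lead to review by hand.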


For me the problem was Mobilecore. I removed the library from the app and uploaded a new version of the APK, and the warning has disappeared from the GPlay Dev Console.

follacabras answered Sep 20 '22 16:09