Unsafe implementation of the interface X509TrustManager - Google Play Services

Question

First off, I should say, I'm mainly a PHP developer. I have a relatively aged app on Google Play that was built targeting API 15 back at the end of 2012.

Have reviewed others' questions here relating to the unsafe implementation of the interface X509TrustManager alert from Google Play but none seem to apply to me. I am not making requests over SSL nor am I using any external library beyond Google Play Services.

The alert says the issue is with apache.http. Specifically it says:

Your app is using an unsafe implementation of the X509TrustManager interface with an Apache HTTP client, resulting in a security vulnerability. Please see this Google Help Centre article for details, including the deadline for fixing the vulnerability.

Since I am not using SSL connections I'm not sure how to proceed. Is the fact that I am not using SSL for connections what Google has a problem with? The data I am exchanging with the server couldn't really be deemed sensitive - lost and found pet listings.

The website the app relates to is voluntary, self-funded and on shared hosting so adding SSL is something I would prefer not to be forced into at this time. Is implementing SSL my only way forward here?

Answer 1

CommonsWare was correct. Updating the Google Play Services has caused the alert to disappear.