linphone-developers
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Linphone-developers] Linphone OpenSSL Google Play Upload Refusal


From: Ronny Haryanto
Subject: [Linphone-developers] Linphone OpenSSL Google Play Upload Refusal
Date: Mon, 7 Dec 2015 10:25:26 +0800

Hello, 

My company used Linphone library for VoIP part of our app, but when we proceed to upload the app to Google Play, it rejects the upload saying that the OpenSSL version is outdated.
Can anybody please advise us the procedure to upgrade the OpenSSL library in Linphone? 

*The message from Google Play

Security Alert

This is to notify you that the static link OpenSSL version of your application has multiple security vulnerabilities that may endanger the user. Please 2015/7/7 prior to your application to migrate to a newer version of OpenSSL. Since that date,as long as new applications and updates using unsupported legacy OpenSSL, is prohibited on Google Playrelease (see details below).

Warning Cause: violation "Content Policy" of dangerous goods provisions, and "Developer Distribution Agreement" Article4.4 bars.

1.0.1h, 1.0.0m and OpenSSL versions have been corrected after 0.9.8za these vulnerabilities. To make sure that your version of OpenSSL, do the grep command: 
$ Unzip -p YourApp.apk | strings | grep "OpenSSL"

For more information about security vulnerabilities, see this OpenSSL security bulletin . To verify that you have correctly upgraded, please upload an updated version of the application developer console, and within five hours after the check back. If you have any technical questions about management OpenSSL, seehttps://groups.google.com/forum/#!forum/mailing.openssl.users .

Since 2015/7/7 onwards, we will not accept applications contain security vulnerabilities updated. In addition, the new release of the application if it contains security vulnerabilities, we would have been rejected.

Note: Although some use 1.0.1h, 1.0.0m or 0.9.8za OpenSSL versions prior to application affected by security issues, developers should still install all the latest security patches. Even if you think the problem is not related to a specific, we still recommend that you library application contains all the known problems updates. If the application contains an old dependency libraries or other security vulnerability, indeed updated.

Before publishing an application, make sure your application in line with " Developer Distribution Agreement "and" content policy . " If you believe we should not convey this warning, see this Google Play Help Center article .


Thank you for your helps.

Best Regards,
Ronny


reply via email to

[Prev in Thread] Current Thread [Next in Thread]