|
From: | Ronny Haryanto |
Subject: | [Linphone-developers] Linphone OpenSSL Google Play Upload Refusal |
Date: | Mon, 7 Dec 2015 10:25:26 +0800 |
Security Alert
This is to notify you that the static link OpenSSL version of your application has multiple security vulnerabilities that may endanger the user. Please 2015/7/7 prior to your application to migrate to a newer version of OpenSSL. Since that date,as long as new applications and updates using unsupported legacy OpenSSL, is prohibited on Google Playrelease (see details below).
Warning Cause: violation "Content Policy" of dangerous goods provisions, and "Developer Distribution Agreement" Article4.4 bars.
1.0.1h, 1.0.0m and OpenSSL versions have been corrected after 0.9.8za these vulnerabilities. To make sure that your version of OpenSSL, do the grep command:
$ Unzip -p YourApp.apk | strings | grep "OpenSSL"For more information about security vulnerabilities, see this OpenSSL security bulletin . To verify that you have correctly upgraded, please upload an updated version of the application developer console, and within five hours after the check back. If you have any technical questions about management OpenSSL, seehttps://groups.google.com/forum/#!forum/mailing.openssl.users .
Since 2015/7/7 onwards, we will not accept applications contain security vulnerabilities updated. In addition, the new release of the application if it contains security vulnerabilities, we would have been rejected.
Note: Although some use 1.0.1h, 1.0.0m or 0.9.8za OpenSSL versions prior to application affected by security issues, developers should still install all the latest security patches. Even if you think the problem is not related to a specific, we still recommend that you library application contains all the known problems updates. If the application contains an old dependency libraries or other security vulnerability, indeed updated.
Before publishing an application, make sure your application in line with " Developer Distribution Agreement "and" content policy . " If you believe we should not convey this warning, see this Google Play Help Center article .
[Prev in Thread] | Current Thread | [Next in Thread] |