[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Linphone-developers] Google Play Store rejects app because of Linph

From: Sylvain Berfini
Subject: Re: [Linphone-developers] Google Play Store rejects app because of Linphone old version
Date: Fri, 22 Jul 2016 17:48:07 +0200
User-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0

Hi Anh,

You'll be please to know since today we replaced the de.timroes.axmlrpc library by the xmlrpc implementation in liblinphone.

If you update to the latest version, you shouldn't have this issue anymore. Don't forget to update the submodules.


Sylvain Berfini
Software Engineer @ Belledonne Communications
Le 21/07/2016 à 09:06, Duc Tran Anh a écrit :
Dear Linphone Experts,

Firstly, appreciate for the opensource you are providing.
I have used your Linphone source for our project, now we submitted app to Google Play Store, but it is rejected because of reason we are using an old Lib in our code that violates a secure issue of Google Policy.

Could you please check the reject detail from Google below?
I know well that you have new version (2016) that solve this issue. But if doing change with this new version, we will re-code our project so much, and it will look imposible. That's why I ask you if there maybe another way like just replace a core of lib that would resolve this problem?

Hi Anh,

Thanks for contacting Google Play Developer Support about the security alert you have received with regard to the use of an unsafe implementation of the interface X509TrustManager.

Beginning May 17, 2016, Google Play will block publishing of any new apps or updates containing the unsafe implementation of the interface X509TrustManager.

Version 1 of your app CloseChat contains the following affected code:

To confirm that you’ve addressed the vulnerability, upload the updated version of the app to the Developer Console and check back after five hours. If the app hasn’t been correctly upgraded, we will display a warning.  

To see a full list of all apps affected by security vulnerabilities, please view the Alerts tab of your developer console.

If you believe this vulnerability resides in a third party library, please notify the third party and work with them to address this.

While these specific issues may not affect every app with the TrustManager implementation, it’s best not to ignore SSL certificate validation errors. Apps with vulnerabilities that expose users to risk of compromise may be considered dangerous products in violation of the Content Policy and section 4.4 of the Developer Distribution Agreement.

Specifically, the implementation ignores all SSL certificate validation errors when establishing an HTTPS connection to a remote host, thereby making your app vulnerable to man-in-the-middle attacks. An attacker could read transmitted data (such as login credentials), and even change the data transmitted on the HTTPS connection. 

I hope this helps! If you have any further questions, please let me know. I'm happy to help.

Google Play Developer Support

Thank you so much Linphone Experts!

Thanks and regards,



Duc Tran (Mr. )

Tran Anh Duc

OFC Team

Leader / Software Engineer

Email: address@hidden

Skype: ebw_ducta

Cell phone: (+84)986 606 477









Office: 3rd Floor, SBI Building, Street 3, Quang Trung Software City, Tan Chanh Hiep Ward, District 12, Ho Chi Minh City, Vietnam

Tel: (+848)  371 575 62

Email: address@hidden


Linphone-developers mailing list

reply via email to

[Prev in Thread] Current Thread [Next in Thread]