ASNE icon indicating copy to clipboard operation
ASNE copied to clipboard

Published 20 hours ago verified publisher icon gorbin

Security Google Play Warning in OAuthActivity

Open landarskiy opened this issue 9 years ago • 4 comments

For more details see stack overlow question

landarskiy avatar Feb 15 '16 14:02 landarskiy

Same here.

the issue is inside the OAuthActivity.java in which

        @Override
        public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
            handler.proceed();
        }

the method overrides the default one with handler.proceed() instead of handler.cancel().

Why?

gianpaolodn avatar Feb 18 '16 12:02 gianpaolodn

Hi, does the 0.3.3.3 release on mvn include this fix ? I'm not sure when it was published..

aantunovic avatar Mar 08 '16 10:03 aantunovic

+1 I am using the 0.3.3.3 release in my apps but still got the warning from Google, so I assume this release does not include the fix yet. It's also a bit tricky to pull down the last commit from git if it's untested...

philippeluickx avatar Apr 19 '16 09:04 philippeluickx

Just received this email from google:

Beginning November 25, 2016, Google Play will block publishing of any new apps or updates that contain this vulnerability. Your published APK version will remain unaffected, however any updates to the app will be rejected unless you address this vulnerability.

So this means that a new release is needed or this library cannot be used anymore.

gianpaolodn avatar Aug 26 '16 10:08 gianpaolodn