OpenSSL Issue - Need Assistance

Skip to first unread message

Shiksha Setu

Mar 11, 2022, 3:01:22 AMMar 11

Can you please let em know where to run suggested commnads and how to fix out this OpenSSL issue.

We wanted to let you know that your application is statically linking against a version of OpenSSL that has multiple security vulnerabilities for users. Please migrate your app to an updated version of OpenSSL. Google Play will block publishing of any new apps and updates that use older, unsupported versions of OpenSSL (see below for details).

REASON FOR WARNING: Violation of the Malicious Behavior policy and section 4.4 of the Developer Distribution Agreement.

The vulnerabilities were fixed in OpenSSL versions beginning with 1.0.1h, 1.0.0m, and 0.9.8za. To confirm your OpenSSL version, you can do a grep via:
$ unzip -p YourApp.apk | strings | grep OpenSSL

For more information about the vulnerability, please see this OpenSSL Security Advisory. To confirm that you've upgraded correctly, upload the updated version of the app to the Play Console and check back after five hours. For other technical questions about managing OpenSSL, please see!forum/mailing.openssl.users.

We will not accept app updates containing the vulnerabilities. In addition, we will reject new apps containing the vulnerabilities.

Note: while the issues may not affect every app that uses OpenSSL versions prior to 1.0.1h, 1.0.0m, or 0.9.8za, developers should stay up to date on all security patches. Even if you think that specific issues may not be relevant, it's good practice to update any libraries in your app that have known issues. Please take this time to update apps that have out-of-date dependent libraries or other vulnerabilities.

Before publishing applications, please ensure your apps' compliance with the Developer Distribution Agreement and Developer Program Policies. If you feel we have sent this warning in error, visit this Google Play Help Center article.

Your app is using a version of OpenSSL containing a security vulnerability. Please see this Google Help Center article for details, including the deadline for fixing the vulnerability.

Shiksha Setu
Reply all
Reply to author
0 new messages