4

HI All my Google PlayStore Reject my application because below code is in my application.

check sakiM's answer.

@Override
public void onReceivedSslError(WebView view, final SslErrorHandler handler, SslError error) {
    final AlertDialog.Builder builder = new AlertDialog.Builder(this);
    builder.setMessage(R.string.notification_error_ssl_cert_invalid);
    builder.setPositiveButton("continue", new DialogInterface.OnClickListener() {
        @Override
        public void onClick(DialogInterface dialog, int which) {
            handler.proceed();
        }
    });
    builder.setNegativeButton("cancel", new DialogInterface.OnClickListener() {
        @Override
        public void onClick(DialogInterface dialog, int which) {
            handler.cancel();
        }
    });
    final AlertDialog dialog = builder.create();
    dialog.show();
}

How to fix this error?

Error mail from play store : Hello Google Play Developer,

We rejected YOurAPP, with package name com.example.myApp, for violating our Malicious Behavior or User Data policy. If you submitted an update, the previous version of your app is still available on Google Play.

This app uses software that contains security vulnerabilities for users or allows the collection of user data without proper disclosure.

Below is the list of issues and the corresponding APK versions that were detected in your recent submission. Please upgrade your app(s) as soon as possible and increment the version number of the upgraded APK.

Vulnerability APK Version(s) Past Due Date SSL Error HandlerFor more information on how to address WebView SSL Error Handler alerts, please see this Google Help Center article. 12 November 30, 2016

To confirm you’ve upgraded correctly, submit the updated version of your app to the Play Console and check back after five hours to make sure the warning is gone.

While these vulnerabilities may not affect every app that uses this software, it’s best to stay up to date on all security patches. Make sure to update any libraries in your app that have known security issues, even if you're not sure the issues are relevant to your app.

Apps must also comply with the Developer Distribution Agreement and Developer Program Policies.

If you feel we have made this determination in error, please reach out to our developer support team.

Best,

The Google Play Team

CommonsWare
  • 954,112
  • 185
  • 2,315
  • 2,367
Mr X
  • 1,038
  • 1
  • 11
  • 24
  • 2
    The idea is that you are supposed to examine the `SSLCertificate` inside the `SSLError` and determine if this is indeed a valid certificate for whatever server you are hitting. Then, and only then, do you call `proceed()`. – CommonsWare Jan 18 '19 at 15:04
  • 1
    @CommonsWare I have valid certificate in website but it's not working on API level 19 , it's throw sslError . – Mr X Jan 18 '19 at 15:07
  • 1
    Possible duplicate of [Google Play Error: SSL Error Handler vulnerabilities and APP UPDATE REJECTED](https://stackoverflow.com/questions/41236517/google-play-error-ssl-error-handler-vulnerabilities-and-app-update-rejected) – Jeremy Mar 06 '19 at 22:16
  • Did you get any solution for this issue? I am getting same issue with my app. Playstore rejected my app due to same policy violation – Ajay Mehta May 10 '19 at 05:21
  • @CommonsWare I'm not examining the certs inside onreceivedSslError() till now and till december my app never face rejection due to this vulnerablity. But suddenly yesterday rejecting apk from google. If primaryErr != SSL_UNTRUSTED, then handler.proceed(), otherwise cancel() – Shivam Sharma Mar 25 '20 at 11:38
  • @CommonsWare I'm not able to find the reason about rejection on earliar working code. Please its urgent. I beg you for a help. – Shivam Sharma Mar 25 '20 at 11:40
  • @ShivamSharma: Perhaps you should roll back to the code that was not trying to override the SSL error handling. Google's Play Store bots are not that sophisticated, so they may have difficulty determining what is a good or bad implementation of `onReceivedSslError()`. If you get rid of `onReceivedSslError()`, then there is no risk from it. Beyond that, you might consider opening your own Stack Overflow question with a [mcve], asking for help in creating an `onReceivedSslError()` that Google will accept and will meet your needs. – CommonsWare Mar 25 '20 at 11:50
  • @CommonsWare Actually code for webview doesn't change for new rollout – Shivam Sharma Mar 25 '20 at 12:28
  • @ShivamSharma: They they perhaps changed their bot algorithm, and code that formerly passed now fails. – CommonsWare Mar 25 '20 at 12:29
  • @CommonsWare Can I connect with you on some other platform please. So that I can let you understandable my problem, please – Shivam Sharma Mar 25 '20 at 12:31
  • @ShivamSharma: I do not work for Google and cannot help you with Google's bots. Sorry! – CommonsWare Mar 25 '20 at 12:37
  • Did you find any solution for this? – S.Ambika Apr 09 '21 at 11:16
  • Hello there, have you find any solution. – Radwa Oct 03 '21 at 08:26

0 Answers0