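After a long investigation, I did find that one of the libraries I use in my application was compiled against an older OpenSSL version, i.e., an unsupported OpenSSL version. So my solution was to recompile that library JAR with the latest version of OpenSSL.
Also, all developers were notified by Google during June in the following email: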
Hello Google Play Developer,
We wanted to let you know that your app(s) listed below statically link against a version of OpenSSL that has multiple security vulnerabilities for users. Please migrate your app(s) to an updated version of OpenSSL by 7/7/15. Starting on this date, Google Play will block publishing of any new apps and updates that use unsupported versions of OpenSSL.
REASON FOR WARNING: Violation of the dangerous products provision of the Content Policy and section 4.4 of the Developer Distribution Agreement.
The vulnerabilities were fixed in OpenSSL versions beginning with 1.0.1h, 1.0.0m, and 0.9.8za. To confirm your OpenSSL version, you can do a grep via:
$ unzip -p YourApp.apk | strings | grep "OpenSSL"
For more information about the vulnerability, please see this OpenSSL Security Advisory. To confirm you’ve upgraded correctly, submit the updated version of the app(s) to the Developer Console and check back after five hours.
Starting on 7/7/15, we will not accept app updates containing the vulnerabilities. Any new apps containing the vulnerabilities will be rejected.
While these issues may not affect every app that uses OpenSSL versions prior to 1.0.1h, 1.0.0m, or 0.9.8za, it’s best to stay up to date on all security patches. Make sure to update any libraries in your app that have known issues, even if you're not sure the issues are relevant to your app.
Before publishing applications, please ensure your apps’ compliance with the Developer Distribution Agreement and Content Policy.
If you feel we’ve sent this warning in error, please contact our appeals team through the App Developer help center.
Sincerely,
Google Play Team
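So, to fix this problem you have to figure out which part of your application uses the old version of OpenSSL. You also need to check whether any JAR files were compiled with an old version of OpenSSL.
Hope this helps. Regards.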
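Added example, not part of the original answer or of Google's email: the grep in the email shows only that an OpenSSL banner exists somewhere in the APK, so this Python script reports which entry carries which version, descending into bundled JARs, and flags versions older than the fixed releases named in the email. The sample APK, its entry names, and the treatment of branches the email does not name are assumptions.

```python
import io
import re
import zipfile

# First fixed release per branch, as named in Google's notice.
FIXED = {"1.0.1": "h", "1.0.0": "m", "0.9.8": "za"}
BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+)([a-z]*)\b")

def is_outdated(branch, letter):
    """True if branch+letter predates the fixed release for its branch."""
    if branch in FIXED:
        # Patch letters run a..z, then za, zb, ...: order by length, then text.
        fixed = FIXED[branch]
        return (len(letter), letter) < (len(fixed), fixed)
    # Assumption: branches newer than 1.0.1 are fixed, and branches the
    # notice does not name (older than 0.9.8, etc.) are unsupported.
    return tuple(int(p) for p in branch.split(".")) < (1, 0, 1)

def scan(data, path=""):
    """Return sorted (entry, version, outdated); recurses into nested zips/JARs."""
    hits = set()
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for name in archive.namelist():
            blob = archive.read(name)
            entry = f"{path}{name}"
            if zipfile.is_zipfile(io.BytesIO(blob)):
                hits.update(scan(blob, entry + "!/"))
                continue
            for m in BANNER.finditer(blob):
                branch, letter = m.group(1).decode(), m.group(2).decode()
                hits.add((entry, branch + letter, is_outdated(branch, letter)))
    return sorted(hits)

def build_sample_apk():
    """Constructed sample: an in-memory APK with hypothetical entry names."""
    def make_zip(files):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            for name, content in files.items():
                z.writestr(name, content)
        return buf.getvalue()
    jar = make_zip({"lib/libvendor.so": b"\x7fELF\0OpenSSL 1.0.1e 11 Feb 2013\0"})
    return make_zip({"classes.dex": b"dex\n035\0", "libs/vendor.jar": jar,
                     "lib/armeabi/libapp.so": b"\x7fELF\0OpenSSL 1.0.1h 5 Jun 2014\0"})

if __name__ == "__main__":
    for entry, version, outdated in scan(build_sample_apk()):
        print(f"{'OUTDATED' if outdated else 'ok':8} {version:8} {entry}")
```

To check a real build, pass the APK's bytes to `scan`, for example `scan(open("YourApp.apk", "rb").read())`.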