SSL Warning from google play

Vishal Chaudhari picture Vishal Chaudhari · Sep 25, 2015 · Viewed 11.6k times · Source

Got warning from google play.

How can i handle "SSL Error Handler Vulnerability" of unsafe implementation of the WebViewClient.onReceivedSslError handler.

"Please address this vulnerability as soon as possible and increment the version number of the upgraded APK. To properly handle SSL certificate validation, change your code to invoke SslErrorHandler.proceed() whenever the certificate presented by the server meets your expectations, and invoke SslErrorHandler.cancel() otherwise."

Answer

Sébastien picture Sébastien · Sep 25, 2015

I have received the same warning today, and it informs me that the issue comes from the SDK of one of my ad networks (InMobi, I'm really considering dropping them as they have a lot of fraudulent, auto-redirect banners, and now this...):

com.inmobi.commons.analytics.iat.impl.net.AdTrackerWebViewLoader$MyWebViewClient

What is the affected class in your case? If it is one of your own classes, you'll have to read the technical documentation and fix your implementation.

If, like me, you are just the victim of one of your external libraries, contact the developers to ask them to provide a fixed library (or drop the library).