Google Play Security Alert - Your app is using an unsafe implementation of the HostnameVerifier

Priyank Patel · Dec 2, 2016 · Viewed 17.4k times

Recently one of my apps got a security alert from Google Play, as below.

Your app is using an unsafe implementation of the HostnameVerifier. It also refers to a link to a Google Play Help Center article for details regarding the fix and the deadline for the vulnerability.

Below is my code.

HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
    public boolean verify(String arg0, SSLSession arg1) {
        return true;
    }
});

Can anyone explain, with an example, what changes I should make to fix this warning?

Answer

Antimony · Dec 6, 2016

HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
    public boolean verify(String arg0, SSLSession arg1) {
        return true;
    }
});

This code effectively removes the protection of HTTPS from your connections. You need to delete it.

Disabling hostname verification allows anyone on the network to view and tamper with your network traffic by conducting a Man In The Middle Attack.
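An added example, not part of the answer above: once the `return true` verifier is deleted, the platform's own check applies and most apps need nothing more. If a custom verifier is genuinely required because the URL host differs from the name on the server's certificate, it should check the certificate against the one name you expect and be scoped to a single connection. The class name, method name and host name below are hypothetical, and the code assumes Android, where the default verifier checks the certificate's names.

```java
import java.io.IOException;
import java.net.URL;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;

public final class ExpectedHostConnection {

    // Hypothetical name the server's certificate is issued for.
    public static final String CERT_HOSTNAME = "api.example.com";

    private ExpectedHostConnection() {}

    /**
     * Builds a verifier that never accepts unconditionally. It asks the
     * platform default verifier whether the certificate presented in this
     * TLS session is valid for expectedHost, and ignores the URL host.
     */
    static HostnameVerifier verifierFor(final String expectedHost) {
        final HostnameVerifier platformDefault =
                HttpsURLConnection.getDefaultHostnameVerifier();
        return new HostnameVerifier() {
            @Override
            public boolean verify(String urlHost, SSLSession session) {
                // Assumption: Android, where the default verifier matches the
                // certificate's subject alternative names. On a desktop JDK
                // the default verifier returns false, so this fails closed.
                return platformDefault.verify(expectedHost, session);
            }
        };
    }

    /**
     * Opens an HTTPS connection whose certificate must match expectedHost.
     * The verifier is set on this connection only; the process-wide default
     * (setDefaultHostnameVerifier) is left untouched.
     */
    public static HttpsURLConnection open(URL url, String expectedHost)
            throws IOException {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setHostnameVerifier(verifierFor(expectedHost));
        return conn; // a mismatch surfaces as an SSLException on connect
    }
}
```

Call it as `ExpectedHostConnection.open(url, ExpectedHostConnection.CERT_HOSTNAME)`; certificate chain validation by the default trust manager still applies in addition to this hostname check.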