Uploaded image for project: 'Titanium SDK/CLI'
  1. Titanium SDK/CLI
  2. TIMOB-23676

Security alert : Google Play Warning: WebViewClient.onReceivedSslError handler

    Details

      Description

      I have received this alert after publishing my app on google pay

      Security alert
      Your application has an unsafe implementation of the WebViewClient.onReceivedSslError handler. Specifically, the implementation ignores all SSL certificate validation errors, making your app vulnerable to man-in-the-middle attacks. An attacker could change the affected WebView's content, read transmitted data (such as login credentials), and execute code inside the app using JavaScript.
      To properly handle SSL certificate validation, change your code to invoke SslErrorHandler.proceed() whenever the certificate presented by the server meets your expectations, and invoke SslErrorHandler.cancel() otherwise. An email alert containing the affected app(s) and class(es) has been sent to your developer account address.
      Please address this vulnerability as soon as possible and increment the version number of the upgraded APK. For more information about the SSL error handler, please see our documentation in the Developer Help Center. For other technical questions, you can post to https://www.stackoverflow.com/questions and use the tags “android-security” and “SslErrorHandler.” If you are using a 3rd party library that’s responsible for this, please notify the 3rd party and work with them to address the issue.
      To confirm that you've upgraded correctly, upload the updated version to the Developer Console and check back after five hours. If the app hasn't been correctly upgraded, we will display a warning.
      Please note, while these specific issues may not affect every app that uses WebView SSL, it's best to stay up to date on all security patches. Apps with vulnerabilities that expose users to risk of compromise may be considered dangerous products in violation of the Content Policy and section 4.4 of the Developer Distribution Agreement.
      Please ensure all apps published are compliant with the Developer Distribution Agreement and Content Policy. If you have questions or concerns, please contact our support team through the Google Play Developer Help Center.

      im using SDK 5.2.2

      in my controller

      	$.winHome.addEventListener('load',function(e) {
      		if(fb.loggedin()){
      			fb.getUserData(function(data){
      				$.winHome.evalJS("init("+JSON.stringify(data)+");");
      			});
      		}
      	});
      

      in my html file

      Ti.App.fireEvent('mapListener',{op:'view',id:rId});
      

        Attachments

          Activity

            People

            • Assignee:
              msamah Ashraf Abu (Inactive)
              Reporter:
              hamzaezzi hamza ezzi
              Reviewer:
              Hans Knöchel
            • Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Backbone Issue Sync

                • Titanium SDK/CLI <> Titanium Mobile
                  Synced with:
                  TIMOB-9942
                  Sync status:
                  ERROR
                  Last received:
                  Last sent:

                  Git Source Code