Entraides et échanges autour de la technologie Scol - Informations and exchanges on the Scol technology
Vous pouvez changer la langue de l'interface une fois inscrit - You can change the language once registered
You are not logged in.
Pages: 1
Hi,
I'm in the process of publishing an AR app for alpha release to Google Play. It was built and exported using OS3D Portable. It has been rejected for violating the malicious behaviour or user data policy. Here is the message received:
Hello Google Play Developer,
We rejected _____, with package name __________, for violating our Malicious Behavior or User Data policy. If you submitted an update, the previous version of your app is still available on Google Play.
This app uses software that contains security vulnerabilities for users or allows the collection of user data without proper disclosure.
Below is the list of issues and the corresponding APK versions that were detected in your recent submission. Please upgrade your app(s) as soon as possible and increment the version number of the upgraded APK.
Vulnerability
OpenSSL
The vulnerabilities were addressed in OpenSSL 1.02f/1.01r. To confirm your OpenSSL version, you can do a grep search for:
\$ unzip -p YourApp.apk | strings | grep "OpenSSL"
You can find more information and next steps in this Google Help Center article.
APK Version(s)
_______
Deadline to fix
07/13/2016
To confirm you’ve upgraded correctly, submit the updated version of your app to the Play Console and check back after five hours to make sure the warning is gone.
While these vulnerabilities may not affect every app that uses this software, it’s best to stay up to date on all security patches. Make sure to update any libraries in your app that have known security issues, even if you're not sure the issues are relevant to your app.
Apps must also comply with the Developer Distribution Agreement and Developer Program Policies.
If you feel we have made this determination in error, please reach out to our developer support team.
Best,
The Google Play Team
I'm built the app using OS3D_portable, Current version : 1.30.0, Released on : Thu Jul 20 17:43:35 2017
Does anyone have any advice on how to fix this? Would exporting it from the full (not portable) version of the software fix this? I have to use the portable version at uni, but I have the full version on my laptop at home.
thanks,
Ali
Edited to add:
Some advice on Google Help is
"If you’re using a 3rd party library that bundles OpenSSL, you’ll need to upgrade it to a version that bundles OpenSSL 1.0.2f/1.0.1r or higher."
If the current full version of OpenSpace3D bundles OpenSSL1.0.2f/1.0.1r or higher then I'll export the app from my laptop, which has the full software installed. Unfortunately IT could only install the portable version on my work computer and I left my laptop at home today. If not, is there a way of updating the OpenSSL version that bundles with the app?
Last edited by aldek (9-Oct-2017 01:12:17)
Offline
Thank you so much, Arkeon!
I ended up exporting the app from my home copy of OpenSpace3D, which wasn't the portable version. So far Google Play hasn't rejected it for the OpenSSL reason so all is good.
Thank you for fixing this in the portable version so quickly.
thanks,
Ali
Offline
Hello,
you can find the current beta version here : http://www.openspace3d.com/rsc/OS3D_portable_beta.zip
Offline
Pages: 1