Scolring - Forum

Entraides et échanges autour de la technologie Scol - Informations and exchanges on the Scol technology

Vous pouvez changer la langue de l'interface une fois inscrit - You can change the language once registered

You are not logged in.

#1 9-Oct-2017 00:44:49

aldek
Member
Registered: 6-Oct-2017
Posts: 2

Rejected app due to OpenSSL vulnerability

Hi,

I'm in the process of publishing an AR app for alpha release to Google Play. It was built and exported using OS3D Portable. It has been rejected for violating the malicious behaviour or user data policy. Here is the message received:

Hello Google Play Developer,
We rejected _____, with package name __________, for violating our Malicious Behavior or User Data policy. If you submitted an update, the previous version of your app is still available on Google Play.
This app uses software that contains security vulnerabilities for users or allows the collection of user data without proper disclosure.
Below is the list of issues and the corresponding APK versions that were detected in your recent submission. Please upgrade your app(s) as soon as possible and increment the version number of the upgraded APK.

Vulnerability       
OpenSSL
The vulnerabilities were addressed in OpenSSL 1.02f/1.01r. To confirm your OpenSSL version, you can do a grep search for:
\$ unzip -p YourApp.apk | strings | grep "OpenSSL"
You can find more information and next steps in this Google Help Center article.

APK Version(s)
_______   
Deadline to fix
07/13/2016

To confirm you’ve upgraded correctly, submit the updated version of your app to the Play Console and check back after five hours to make sure the warning is gone.

While these vulnerabilities may not affect every app that uses this software, it’s best to stay up to date on all security patches. Make sure to update any libraries in your app that have known security issues, even if you're not sure the issues are relevant to your app.

Apps must also comply with the Developer Distribution Agreement and Developer Program Policies.
If you feel we have made this determination in error, please reach out to our developer support team.

Best,
The Google Play Team

I'm built the app using OS3D_portable, Current version : 1.30.0, Released on : Thu Jul 20 17:43:35 2017

Does anyone have any advice on how to fix this? Would exporting it from the full (not portable) version of the software fix this? I have to use the portable version at uni, but I have the full version on my laptop at home.

thanks,
Ali

Edited to add:

Some advice on Google Help is 
"If you’re using a 3rd party library that bundles OpenSSL, you’ll need to upgrade it to a version that bundles OpenSSL 1.0.2f/1.0.1r or higher."

If the current full version of OpenSpace3D bundles OpenSSL1.0.2f/1.0.1r or higher then I'll export the app from my laptop, which has the full software installed. Unfortunately IT could only install the portable version on my work computer and I left my laptop at home today. If not, is there a way of updating the OpenSSL version that bundles with the app?

Last edited by aldek (9-Oct-2017 01:12:17)

Offline

#2 9-Oct-2017 09:05:14

arkeon
Admin. / Scol language & OpenSpace3D developer
From: Nantes
Registered: 30-Mar-2009
Posts: 5,161
Website

Re: Rejected app due to OpenSSL vulnerability

Hello,
I'm uploading a portable beta version of the current development state.
It will be available in some hours.

Offline

#3 10-Oct-2017 08:19:43

aldek
Member
Registered: 6-Oct-2017
Posts: 2

Re: Rejected app due to OpenSSL vulnerability

Thank you so much, Arkeon!

I ended up exporting the app from my home copy of OpenSpace3D, which wasn't the portable version. So far Google Play hasn't rejected it for the OpenSSL reason so all is good.

Thank you for fixing this in the portable version so quickly.

thanks,
Ali

Offline

#4 10-Oct-2017 10:20:20

arkeon
Admin. / Scol language & OpenSpace3D developer
From: Nantes
Registered: 30-Mar-2009
Posts: 5,161
Website

Re: Rejected app due to OpenSSL vulnerability

Hello,

you can find the current beta version here : http://www.openspace3d.com/rsc/OS3D_portable_beta.zip

Offline

Board footer

Powered by FluxBB