问题
I uploaded my app on google play store but after few hours i got an email saying:
This app uses software that contains security vulnerabilities for users.
Below is the list of vulnerabilities and the corresponding APK versions that were detected in your recent submission. Please upgrade your app(s) as soon as possible and increment the version number of the upgraded APK.
Vulnerability OpenSSL
The vulnerabilities were fixed in OpenSSL versions beginning with 1.0.1h, 1.0.0m, and 0.9.8za. To confirm your OpenSSL version, you can do a grep via:
$ unzip -p YourApp.apk | strings | grep "OpenSSL"
You can find more information and next steps in this Google Help Center article.
My app is an on-line radio, that play different radio stations using Internet. And also I am using Vitamio media player rather than the android defualt player class.
Please help me i spent a lot of time on this app.
回答1:
In /libs there is thelibvinit.so for each core architecture.
Using the precompiled *.so file that they have included contain an OpneSSL vulnerability. Its a known issue with the media package.
The only recourse is to compile the libvinit.so files from source or get them from someone else online. The original developer can included the source code patches on their github for compling the .so files, you only need apply their patches applied to their base packages, get the current android openssl code and compile against it: https://github.com/android/platform_external_openssl
This is a known issue many are facing - see the Vitamio google community for further discussion.
If needing help once started, just ask another question and leave it in my comments.
回答2:
Finally the problem is solved. As i said, i am using vitamio mediaPlayer. Which was v4.2.1, just upgraded to v4.2.6. And now its working.
If anyone have issue of this kind then first try to upgrade your plug-ins.
回答3:
As per the following:
The vulnerabilities were fixed in OpenSSL versions beginning with 1.0.1h, 1.0.0m, and 0.9.8za. To confirm your OpenSSL version, you can do a grep via:
$ unzip -p YourApp.apk | strings | grep "OpenSSL"
You clearly need to increment the version of OpenSSL. It it is used in one of the libraries, then make sure you get the latest version (where they might have fixed it). Or get the source and update it yourself before using.
来源:https://stackoverflow.com/questions/34939823/why-google-play-rejected-my-app-they-saying-for-violating-our-dangerous-product