问题
Please, explain me, what is it?
I have received a message from GP, with this text:
Hello Google Play Developer,
We detected that your app(s) listed at the end of this email are potentially leaking credentials used to make network requests (HTTP and FTP).
Please check for cases where you use url-encoded basic access authentication, for example a URL such as https://username:password@www.example.com/. We recommend that you immediately change the credentials and redesign your app to avoid including them.
Next steps
Sign in to your Developer Console and submit the updated version of your app. Check back after five hours - we’ll show a warning message if the app hasn’t been updated correctly.Exposed developer credentials can allow an attacker to compromise your systems which puts user data at risk. For other technical questions about the vulnerability, you can post to Stack Overflow and use the tag “android-security.”
We’re here to help
If you feel we have sent this warning in error, you can contact our developer support team.
Regards,
The Google Play Team
I don't understand what a problem with my app, please help me. What should I change in my app?
回答1:
Andy, Pablo and others wonderful people, who have visited this topic.
The problem was solved recently.
All you need to do - just update Appodeal SDK to the last one (ver. 1.14.15).
You can find it in our docs
Also you can download Android SDK here (Native Android).
Regards, Andrew
Appodeal Support Team.
回答2:
I was including Appodeal library in my free and premium app. I got this warning recently, I removed Appodeal and no longer have the warning in Google Play. Even though I wasn't using ads in Premium, I was including the Appodeal library in the binary as they are different flavors of the same Android Studio project. Looks like their problem. I had removed Appodeal from my free app a couple days ago for a different reason (https://medium.com/@greenrobotllc/response-to-1-star-review-problem-ads-auto-opening-app-store-on-lolcats-android-f1c7b7991caa#.milc5rcvs). A day or so after the free update to Google, I got this exact email about the premium version which I hadn't updated.
So check your 3rd party libraries.
回答3:
I can confirm that If you are using the Appodeal SDK you will get this alert as developer. I have contacted Appodeal support and this is their answer:
Ivan Prokopenko: Hi Pablo! we found the problem. It was problem with network, we contacted with support of network. We'll update SDK in next future, it will solve the problem. but don't worry, it's not critical
回答4:
mytarget SDK has the same problem like Appodeal SDK. We have contacted mytarget support too and this is their answer:
Hello Yan, Thank you for reaching out.
No credentials and any personal data was involved, so no problem with leaking any data with our SDK. But to prevent the Google Play to display the warning yesterday we updated our SDK - latest version is 4.5.1. Here is the change log - "Changed format of internal constant, because of which Google Play could display warning».
So for your next update you can update our SDK. You can download latest version there - https://bintray.com/mytarget/maven/mytarget-sdk/view#files/com/my/target/mytarget-sdk
Please let me know if you have any questions.
So check your 3rd party libraries.
来源:https://stackoverflow.com/questions/37866157/google-play-warning-your-app-may-be-leaking-developer-credentials