Skip to main content
venturei64798244
venturei64798244
Inspiring
March 24, 2017
Answered

Google Play Rejected app because of SSL security vulnerability

  • March 24, 2017
  • 1 reply
  • 2313 views

I have an app published from Flash CC using the AIR SDK (version 25.0.0.134)

It got rejected from GooglePlay.

Security alert

Your app is using a version of OpenSSL containing a security vulnerability. Please see this Google Help Center article for details, including the deadline for fixing the vulnerability.

I'm already using the latest SDK, so I'm not sure where to go from here.

Please help.

This topic has been closed for replies.
Correct answer venturei64798244

The previously accepted version was built with Air SDK (version 20.0.0.233)

That was successfully updated January 30th of this year.


I apologize.  This comes down to a miscommunication with my client who is responsible for deploying the APK to Google.

The error message we got from google was still for the previous build made with Air SDK 20. Google was clarifying why our previous build was rejected while we were in the process of uploading the updated version.

My client mistook the message as a rejection.

Our latest version build with Air SDK 25 has been approved and is live in the store.

Thank you for your time. Sorry for the wild goose chase.

1 reply

Anki_AG_
Adobe Employee
Anki_AG_
Adobe Employee
March 25, 2017

Hi,

Could you please try checking the version of OpenSSL present in your application. Please use this command unzip -p xxxx.apk | strings | grep "OpenSSL" and let us know the results. Also, apart from the error message which you mentioned, did you get any other information from Google regarding App rejection.

Thanks,

Ankit | Adobe AIR Engineering

venturei64798244
venturei64798244Author
Inspiring
March 25, 2017

E:\drm\drm_5_3_sutter\client\components\ascrypt\source\OpenSSL\OpenSSL_CryptImpl.cpp

OpenSSL

could not load PEM client certificate, OpenSSL error %s, (no key found, wrong pass phrase, or wrong file format?)

could not load ASN1 client certificate, OpenSSL error %s, (no key found, wrong pass phrase, or wrong file format?)

could not parse PKCS12 file, check password, OpenSSL error %s

could not load PKCS12 client certificate, OpenSSL error %s

OpenSSL was built without SSLv2 support

OpenSSL 1.0.2j  26 Sep 2016

%s(%d): OpenSSL internal error, assertion failed: %s

OpenSSL DH Method

OpenSSL X9.42 DH method

OpenSSL PKCS#3 DH method

OpenSSL CMAC method

OpenSSL HMAC method

OpenSSL EC algorithm

OpenSSL RSA method

OpenSSL DSA method

OpenSSL ECDSA method

OpenSSL ECDH method

You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html

OpenSSL default

OpenSSL default user interface

OpenSSL 'dlfcn' shared library method

N16OpenSSLCryptImpl12EVP_PKEY_OBJE

N8pkASUtil5PImplI23OpenSSLCryptoEngineImplEE

N16OpenSSLCryptImpl22OpenSSLDigestOperationE

N16OpenSSLCryptImpl22OpenSSLSymKeyOperationE

N16OpenSSLCryptImpl13OpenSSLSymKeyE

N16OpenSSLCryptImpl29OpenSSLRSAVerificationContextE

N16OpenSSLCryptImpl16OpenSSLPublicKey11DecodedInfoE

N8pkASUtil10CHolderPtrIN16OpenSSLCryptImpl16OpenSSLPublicKey11DecodedInfoEEE

N16OpenSSLCryptImpl16OpenSSLPublicKeyE

N16OpenSSLCryptImpl18PrivKeyDecodedInfoE

N8pkASUtil10CHolderPtrIN16OpenSSLCryptImpl18PrivKeyDecodedInfoEEE

N16OpenSSLCryptImpl17OpenSSLPrivateKeyE

23OpenSSLCryptoEngineImpl

19OpenSSLCryptoEngine

TLSv1 part of OpenSSL 1.0.2j  26 Sep 2016

SHA-256 part of OpenSSL 1.0.2j  26 Sep 2016

DlSHA-512 part of OpenSSL 1.0.2j  26 Sep 2016

Big Number part of OpenSSL 1.0.2j  26 Sep 2016

PEM part of OpenSSL 1.0.2j  26 Sep 2016

Anki_AG_
Adobe Employee
Anki_AG_
Adobe Employee
March 26, 2017

Thanks for the information. Could you please try uploading a sample application packaged using AIR SDK 25 and check if you run into similar issues?

Thanks,

Ankit

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices