cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
Locked
0
Upvote

Google Play Rejected app because of SSL security vulnerability

venturei64798244
Community Beginner ,
Mar 24, 2017 Mar 24, 2017

Copy link to clipboard

Copied

I have an app published from Flash CC using the AIR SDK (version 25.0.0.134)

It got rejected from GooglePlay.

Security alert

Your app is using a version of OpenSSL containing a security vulnerability. Please see this Google Help Center article for details, including the deadline for fixing the vulnerability.

I'm already using the latest SDK, so I'm not sure where to go from here.

Please help.

TOPICS
Performance issues

Views

1.9K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

venturei64798244
Community Beginner , Mar 27, 2017 Mar 27, 2017

I apologize.  This comes down to a miscommunication with my client who is responsible for deploying the APK to Google.

The error message we got from google was still for the previous build made with Air SDK 20. Google was clarifying why our previous build was rejected while we were in the process of uploading the updated version.

My client mistook the message as a rejection.

Our latest version build with Air SDK 25 has been approved and is live in the store.

Thank you for your time. Sorry for the wi

...

Votes

Translate

Translate
replies 9 Replies 9
latest latest Jump to latest reply
Anki_AG_ Adobe Employee
Adobe Employee ,
Mar 24, 2017 Mar 24, 2017

Copy link to clipboard

Copied

Hi,

Could you please try checking the version of OpenSSL present in your application. Please use this command unzip -p xxxx.apk | strings | grep "OpenSSL" and let us know the results. Also, apart from the error message which you mentioned, did you get any other information from Google regarding App rejection.

Thanks,

Ankit | Adobe AIR Engineering

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
venturei64798244
Community Beginner ,
Mar 25, 2017 Mar 25, 2017

Copy link to clipboard

Copied

In Response To Anki_AG_

E:\drm\drm_5_3_sutter\client\components\ascrypt\source\OpenSSL\OpenSSL_CryptImpl.cpp

OpenSSL

could not load PEM client certificate, OpenSSL error %s, (no key found, wrong pass phrase, or wrong file format?)

could not load ASN1 client certificate, OpenSSL error %s, (no key found, wrong pass phrase, or wrong file format?)

could not parse PKCS12 file, check password, OpenSSL error %s

could not load PKCS12 client certificate, OpenSSL error %s

OpenSSL was built without SSLv2 support

OpenSSL 1.0.2j  26 Sep 2016

%s(%d): OpenSSL internal error, assertion failed: %s

OpenSSL DH Method

OpenSSL X9.42 DH method

OpenSSL PKCS#3 DH method

OpenSSL CMAC method

OpenSSL HMAC method

OpenSSL EC algorithm

OpenSSL RSA method

OpenSSL DSA method

OpenSSL ECDSA method

OpenSSL ECDH method

You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html

OpenSSL default

OpenSSL default user interface

OpenSSL 'dlfcn' shared library method

N16OpenSSLCryptImpl12EVP_PKEY_OBJE

N8pkASUtil5PImplI23OpenSSLCryptoEngineImplEE

N16OpenSSLCryptImpl22OpenSSLDigestOperationE

N16OpenSSLCryptImpl22OpenSSLSymKeyOperationE

N16OpenSSLCryptImpl13OpenSSLSymKeyE

N16OpenSSLCryptImpl29OpenSSLRSAVerificationContextE

N16OpenSSLCryptImpl16OpenSSLPublicKey11DecodedInfoE

N8pkASUtil10CHolderPtrIN16OpenSSLCryptImpl16OpenSSLPublicKey11DecodedInfoEEE

N16OpenSSLCryptImpl16OpenSSLPublicKeyE

N16OpenSSLCryptImpl18PrivKeyDecodedInfoE

N8pkASUtil10CHolderPtrIN16OpenSSLCryptImpl18PrivKeyDecodedInfoEEE

N16OpenSSLCryptImpl17OpenSSLPrivateKeyE

23OpenSSLCryptoEngineImpl

19OpenSSLCryptoEngine

TLSv1 part of OpenSSL 1.0.2j  26 Sep 2016

SHA-256 part of OpenSSL 1.0.2j  26 Sep 2016

DlSHA-512 part of OpenSSL 1.0.2j  26 Sep 2016

Big Number part of OpenSSL 1.0.2j  26 Sep 2016

PEM part of OpenSSL 1.0.2j  26 Sep 2016

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Anki_AG_ Adobe Employee
Adobe Employee ,
Mar 25, 2017 Mar 25, 2017

Copy link to clipboard

Copied

In Response To venturei64798244

Thanks for the information. Could you please try uploading a sample application packaged using AIR SDK 25 and check if you run into similar issues?

Thanks,

Ankit

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
venturei64798244
Community Beginner ,
Mar 26, 2017 Mar 26, 2017

Copy link to clipboard

Copied

In Response To Anki_AG_

I'm not sure what you mean? I used Air SDK 25.0.0.134 to make the build that failed already.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Anki_AG_ Adobe Employee
Adobe Employee ,
Mar 27, 2017 Mar 27, 2017

Copy link to clipboard

Copied

In Response To venturei64798244

Hi,

Were you trying to update your app on playstore or is this a new app?

Thanks,

Adobe AIR Engineering

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
venturei64798244
Community Beginner ,
Mar 27, 2017 Mar 27, 2017

Copy link to clipboard

Copied

In Response To Anki_AG_

I was trying to update the app.

I had made an earlier attempt that was built with Air SDK (version 20.0.0.233).

It was also rejected by google. 

"Your APK has been rejected for containing security vulnerabilities, which violates the Malicious Behavior policy."

"Security alert" Your app is using a version of Apache Cordova containing one or more security vulnerabilities.

Then I upgraded to Air SDK (version 25.0.0.134) republished and tried again.

That was when we received the error about Open SSL.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
venturei64798244
Community Beginner ,
Mar 27, 2017 Mar 27, 2017

Copy link to clipboard

Copied

In Response To venturei64798244

The previously accepted version was built with Air SDK (version 20.0.0.233)

That was successfully updated January 30th of this year.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
venturei64798244
Community Beginner ,
Mar 27, 2017 Mar 27, 2017

Copy link to clipboard

Copied

In Response To venturei64798244

I apologize.  This comes down to a miscommunication with my client who is responsible for deploying the APK to Google.

The error message we got from google was still for the previous build made with Air SDK 20. Google was clarifying why our previous build was rejected while we were in the process of uploading the updated version.

My client mistook the message as a rejection.

Our latest version build with Air SDK 25 has been approved and is live in the store.

Thank you for your time. Sorry for the wild goose chase.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Anki_AG_ Adobe Employee
Adobe Employee ,
Mar 28, 2017 Mar 28, 2017

Copy link to clipboard

Copied

LATEST
In Response To venturei64798244

Thanks for confirming.

-Ankit

Adobe AIR Engineering

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Copyright © 2024 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices