Google Play: "vulnerable version of OpenSSL"

Contributor, Jun 12, 2014

Hi, Google Play just sent me a warning that my Android apps compiled in AIR 4.0 are "running an outdated version of OpenSSL, which has multiple security vulnerabilities."

I don't recall using OpenSSL for anything other than my Apple certificates. Is this something AIR itself would be responsible for, or possibly a native extension? I'm using several ad-based ones such as AdMob and Vungle, as well as in-app purchases.

Doesn't make any sense to me, so I don't know how to react to it. But apparently my apps "may be considered dangerous products and subject to removal from Google Play."

Adobe Community Professional, Jun 12, 2014

I have done several AIR 4 Android apps, without seeing that error. We’re on AIR 14 now, you may as well try that, in case something got fixed along the way.

Contributor, Jun 12, 2014

Maybe it's an older app that has an older version of AIR. Google (as ever) were not specific: "one or more of your apps..."

I'd appreciate it if Adobe could speculate on which versions would be affected by this:
http://www.openssl.org/news/secadv_20140605.txt

Adobe Community Professional, Jun 12, 2014

I have done several Google Play apps now, and never seen those errors. Is there any special feature, or ANE, that you’re using which could explain why you see that?

New Here, Jun 12, 2014

I got the same message today.

Adobe Employee, Jun 12, 2014

Hello,

Could you please update the AIR SDK to our latest version, 14.0.0.110, available at Download Adobe AIR SDK, and please let us know if you see any problem.

Regards,

Nimit

Explorer, Jun 12, 2014

It's not really an error being thrown. It's Google reaching out to devs. I got an email too from Google:

Hello,

One or more of your apps is running an outdated version of OpenSSL, which has multiple security vulnerabilities. You should update OpenSSL as soon as possible. For more information about the most recent security vulnerability in OpenSSL, please see http://www.openssl.org/news/secadv_20140605.txt.

Please note, while it's unclear whether these specific issues affect your application, applications with vulnerabilities that expose users to risk of compromise may be considered “dangerous products” and subject to removal from Google Play.

Regards,

Google Play Team

All I can do is just update to AIR 14 and wait and see if they tell me the issue still exists. My app has 3 ANEs from milkmangames. I know they just updated their ANEs too, so I've got to update the ANEs in my app first, then with 14, hopefully that will do it.
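
Added example, not part of any post in this thread and not Adobe's or Google's tooling: one way to see which native library inside an APK carries OpenSSL (runtime or extension) is to scan each `lib/*.so` entry for the OpenSSL version banner. The library names in the sample APK are constructed, and the `FIXED` table assumes the fixed releases listed in the advisory linked in the e-mail above.

```python
import io
import re
import zipfile

# Version banner embedded in OpenSSL builds, e.g. b"OpenSSL 1.0.1e 11 Feb 2013".
BANNER = re.compile(rb"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]{0,2}) ")

# First fixed release per branch as listed in the advisory the thread links to
# (secadv_20140605.txt); re-check against the advisory before relying on it.
FIXED = {(0, 9, 8): "za", (1, 0, 0): "m", (1, 0, 1): "h"}


def letter_rank(suffix):
    """Order patch letters: '' < 'a' < ... < 'z' < 'za'."""
    return (len(suffix), suffix)


def scan_apk(apk):
    """Map each lib/*.so entry of an APK (path or file object) to the
    OpenSSL versions whose banner it contains."""
    found = {}
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            if not (name.startswith("lib/") and name.endswith(".so")):
                continue
            versions = set()
            for m in BANNER.finditer(zf.read(name)):
                nums = tuple(int(g) for g in m.group(1, 2, 3))
                versions.add(nums + (m.group(4).decode(),))
            if versions:
                found[name] = sorted(versions, key=lambda v: (v[:3], letter_rank(v[3])))
    return found


def is_outdated(version, fixed=FIXED):
    """True/False against the branch's fixed release; None if branch unknown."""
    branch, suffix = version[:3], version[3]
    if branch not in fixed:
        return None
    return letter_rank(suffix) < letter_rank(fixed[branch])


def sample_apk():
    """Constructed APK: hypothetical runtime and extension libraries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("lib/armeabi-v7a/libruntime_example.so", b"\x7fELF\x00OpenSSL 1.0.1e 11 Feb 2013\x00")
        zf.writestr("lib/armeabi-v7a/libane_example.so", b"\x7fELF\x00OpenSSL 1.0.1h 5 Jun 2014\x00")
        zf.writestr("assets/notes.txt", b"OpenSSL 0.9.8y 5 Feb 2013")
    buf.seek(0)
    return buf
```

A library with no banner is not proof that OpenSSL is absent, since a build can strip or alter the string; treat a hit as a pointer to the component that needs updating.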

Engaged, Jun 13, 2014

Got the same email today from Google, no clue what it means.

Community Beginner, Jun 13, 2014

I have several apps in the Play Store, with several AIR versions, no ANE or plugins whatsoever, just plain AIR, and got that e-mail yesterday, so it must be something about AIR itself, don't know which version could be responsible. Apparently everyone got the same mail yesterday, so far there's no answer from anyone on the web. I guess we should wait for Adobe to say something.

Contributor, Jun 13, 2014

Thanks for the clarification, pedrodiegof - saves me having to chase up my various ANE providers.

Sounds like we have to upgrade to AIR 14.0 ASAP.

Engaged, Jun 13, 2014

Please see the main thread. It's likely that AIR 14 will not be sufficient.
