Hi, Google Play just sent me a warning that my Android apps compiled in AIR 4.0 are "running an outdated version of OpenSSL, which has multiple security vulnerabilities."
I don't recall using OpenSSL for anything other than my Apple certificates. Is this something AIR itself would be responsible for, or possibly a native extension? I'm using several ad-based ones such as AdMob and Vungle, as well as in-app purchases.
Doesn't make any sense to me, so I don't know how to react to it. But apparently my apps "may be considered dangerous products and subject to removal from Google Play."
I have done several AIR 4 Android apps, without seeing that error. We’re on AIR 14 now, you may as well try that, in case something got fixed along the way.
Maybe it's an older app that has an older version of AIR. Google (as ever) were not specific: "one or more of your apps..."
I'd appreciate it if Adobe could speculate on which versions would be affected by this:
I have done several Google Play apps now, and never seen those errors. Is there any special feature, or ANE, that you’re using which could explain why you see that?
Its not really an error being thrown. It's Google reaching out to devs. I got an email to from Google
One or more of your apps is running an outdated version of OpenSSL, which has multiple security vulnerabilities. You should update OpenSSL as soon as possible. For more information about the most recent security vulnerability in OpenSSL, please see http://www.openssl.org/news/secadv_20140605.txt.
Please note, while it's unclear whether these specific issues affect your application, applications with vulnerabilities that expose users to risk of compromise may be considered “dangerous products” and subject to removal from Google Play.
Google Play Team
All I can do is just update to Air 14 and wait and see if they tell me the issue still exist. My app has 3 ane from milkmangames. I know they just updated there ANEs too,so I got to update the ANEs in my app first then with 14, hopefully that will do it.
Got the same email today from Google, no clue what it means.
I have several apps in the Play Store, with several AIR versions, no ANE or plugins whatsoever, just plain AIR, and got that e-mail yesterday, so it must be something about AIR itself, don't know wich version could be responsible. Aparently everyone got the same mail yesterday, so far there's no answer from anyone in the web. I guess we should wait for Adobe to say something
Thanks for the clarification, pedrodiegof - saves me having to chase up my various ANE providers.
Sounds like we have to upgrade to AIR 14.0 ASAP.
Please see the main thread. It's likely that AIR 14 will not be sufficient.