tgom
Inspiring
April 22, 2017
Answered

Android app rejected because of old OpenSSL


The Google Play Team rejected my apk for violating their Malicious Behavior or User Data policy. They imply that the included OpenSSL is old and the vulnerabilities were addressed in OpenSSL 1.0.2f/1.0.1r.

My apk was built with Flash CS6 on a PC, using the embedded AIR 18.0.0.144 SDK.

What is the simplest method for me to solve this problem?

Correct answer tgom

Ok, I was still trying to answer the original question you had, and not the later question about dx tool failing.

It seems to be a known issue, that Adobe are trying to fix. Look at this discussion:

AIR25 - dx tool failed

and at messages 12 and 13. It's saying that the known problem is to do with the latest Java update, and message 13 gives a link for you to be able to download and install the previous version of Java.


In an attempt to avoid messing with Java, I installed AIR 24.0.0.180 in Flash CS6 and my apk was created successfully.

I then uploaded it to Google Play and I immediately received an email of rejection for the same reasons.

However, that must have been a software glitch because 44 minutes later I received an email announcing that my app was live in the store. Go figure . . .

Many thanks to kglad and Colin Holgate for leading me to this solution!
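A pre-upload check for the rejection discussed in this thread, as an added example that is not part of the original posts: it scans every entry of an APK for the version banner OpenSSL compiles into its binaries and flags anything older than the 1.0.1r / 1.0.2f releases named in the rejection. The function names and the sample archive are constructed for illustration, and treating branches older than 1.0.1 as outdated is an assumption of this example.

```python
import io
import re
import zipfile

# Fixed releases named in the Google Play rejection quoted in the thread.
FIXED = {(1, 0, 1): "r", (1, 0, 2): "f"}
# Version banner embedded in OpenSSL builds, e.g. "OpenSSL 1.0.1j 15 Oct 2014".
BANNER = re.compile(rb"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*)")


def is_outdated(branch, letter):
    """True if the release predates the fixed release of its branch."""
    if branch in FIXED:
        # Patch letters sort lexicographically: "" < "a" < ... < "z" < "za".
        return letter < FIXED[branch]
    # Assumption: branches older than 1.0.1 are outdated, newer ones are not.
    return branch < (1, 0, 1)


def scan_apk(apk):
    """Return sorted (entry, version, outdated) tuples for each banner found."""
    findings = set()
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            # zf.read() decompresses, so banners inside deflated .so files are seen.
            for m in BANNER.finditer(zf.read(name)):
                branch = tuple(int(g) for g in m.group(1, 2, 3))
                letter = m.group(4).decode()
                version = ".".join(map(str, branch)) + letter
                findings.add((name, version, is_outdated(branch, letter)))
    return sorted(findings)


def build_sample_apk():
    """Constructed input: a zip with two fake native libraries, not a real APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("lib/armeabi-v7a/libold.so", b"\x7fELF\x00OpenSSL 1.0.1j 15 Oct 2014\x00")
        zf.writestr("lib/armeabi-v7a/libnew.so", b"\x7fELF\x00OpenSSL 1.0.2k 26 Jan 2017\x00")
        zf.writestr("classes.dex", b"dex\n035\x00no crypto here")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for entry, version, outdated in scan_apk(build_sample_apk()):
        print(f"{entry}: OpenSSL {version} -> {'OUTDATED' if outdated else 'ok'}")
```

To check a real build, pass the path of the exported .apk to `scan_apk()` instead of the sample archive; an empty result means no OpenSSL banner was found in any entry.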

1 reply

kglad
Community Expert
April 22, 2017

did you use OpenSSL to add your public key to your signing certificate?  if not:

the simplest is to update your air sdk (help>manage adobe air sdk), Find and download archived versions of Adobe AIR SDK

if you're using a self-signed p12 certificate you may need to create a new one, but i don't think that's the problem.  first create a new apk using the latest sdk and see if that's accepted.

tgom
Author
Inspiring
April 22, 2017

Thanks kglad.com. I'll try that. However, your link goes to a 404.

Inspiring
July 4, 2017

3rd attempt:

"This app uses software that contains security vulnerabilities for users or allows the collection of user data without proper disclosure."

I'm going through the Google help files as well . . .


4th attempt to publish:

I've tried the following steps:

1)    Update your air sdk (help>manage adobe air sdk), Find and download archived versions of Adobe AIR SDK

2)    open C:\Program Files (x86)\Adobe\Adobe Flash CS6\Common\First Run\ActionScript 3.0\jvm.ini in flash and change the line
(Although the file path is different because I'm using Adobe CC)

-Xmx128m

to

-Xmx1024m

and save.  close flash cs6 and reopen and retry publishing.

First question: Although I've downloaded and unzipped the suggested air sdk, both are still listed in the HELP-MANAGE AIR dialogue box. See screen shot. Is that right . . . it seems to be using the default one???

Can't seem to remove the previous sdk or select the one I've just downloaded.

I've spent a fair bit of time searching the Adobe and Google support pages.

Is this something I should expect every time I try to publish an app or is it me being dumb!!?

Thanks.