Android app rejected because of old OpenSSL

Question

The Google Play Team rejected my apk for violating their Malicious Behavior or User Data policy. They imply that the included OpenSSL is old and the vulnerabilities were addressed in OpenSSL 1.0.2f/1.0.1r.

My apk was built with Flash CS6 on a PC, using embed Air 18.0.0.144 SDK.

What is the simplest method for me to solve this problem?

tgom · Accepted Answer

Ok, I was still trying to answer the original question you had, and not the later question about dx tool failing.

It seems to be a known issue, that Adobe are trying to fix. Look at this discussion:

AIR25 - dx tool failed

and at messages 12 and 13. It's saying that the known problem is to do with the latest Java update, and message 13 gives a link for you to be able to download and install the previous version of Java.

In an attempt to avoid messing with Java, I installed AIR 24.0.0.180 in Flash CS6 and my apk was created successfully.

I then uploaded it to Google Play and I immediately received an email of rejection for the same reasons.

However, that must have been a software glitch because 44 minutes later I received an email announcing that my app was live in the store. Go figure . . .

Many thanks to kglad and Colin Holgate for leading me to this solution!

kglad · Answer

did you use OpenSSL to add your public key to your signing certificate? if not:

the simplest is to update your air sdk (help>manage adobe air sdk), Find and download archived versions of Adobe AIR SDK

if you're using a self-signed p12 certificate you may need to create a new one, but i don't think that's the problem. first create a new apk using the latest sdk and see if that's accepted.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded