Android OpenSSL vulnerability issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

I am using CSipSimple code for my Android application. But got rejected for violation of Google Play policies.  As described it is using a version of OpenSSL containing a security vulnerability.
"Your app is using a version of OpenSSL containing a security vulnerability
  

As per the Google support team -

"Please migrate your app(s) to OpenSSL 1.02f/1.01r or higher as soon as possible and increment the version number of the upgraded APK. Beginning July 11, 2016, Google Play will block publishing of any new apps or updates that use older versions of OpenSSL. Your published app version will remain unaffected, however any updates to the app will be blocked unless they address this vulnerability."
https://support.google.com/faqs/answer/637672

 The OpenSSL version for apk found using following command ($ unzip -p YourApp.apk | strings | grep "OpenSSL") is-
 OpenSSL 1.0.1h 5 Jun 2014
  
Also to mention we are using Https protocol in the app.
 
 Is there a way in which we can upgrade the OpenSSL version of the app?

Please let me know pointers if any.
  
Thanks & Regards,
Monica Memane

_______________________________________________
Visit our blog: http://blog.pjsip.org

pjsip mailing list
pjsip@xxxxxxxxxxxxxxx
http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
[Index of Archives]     [Asterisk Users]     [Asterisk App Development]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [Linux API]
  Powered by Linux