JerryH
JerryH
  • 发布:2017-09-26 10:05
  • 更新:2017-09-27 15:19
  • 阅读:1888

MUI离线打包,提交google play不通过

分类:HTML5+

下面是google的邮箱回复

This app uses software that contains security vulnerabilities for users or allows the collection of user data without proper disclosure.

Below is the list of issues and the corresponding APK versions that were detected in your recent submission. Please upgrade your app(s) as soon as possible and increment the version number of the upgraded APK.

Vulnerability APK Version(s) Deadline to fix

SSL Error Handler

For more information on how to address WebView SSL Error Handler alerts, please see this Google Help Center article.

2 11/30/2016

To confirm you’ve upgraded correctly, submit the updated version of your app to the Play Console and check back after five hours to make sure the warning is gone.

While these vulnerabilities may not affect every app that uses this software, it’s best to stay up to date on all security patches. Make sure to update any libraries in your app that have known security issues, even if you're not sure the issues are relevant to your app.

google给出的解决方法

https://support.google.com/faqs/answer/7071387

本文面向的是在应用中采用的 WebViewClient.onReceivedSslError 处理程序实施方式不安全的开发者。具体来说,这种实施方式会忽略所有 SSL 证书验证错误,使应用容易受到中间人攻击。攻击者可能会更改受影响的 WebView 内容、读取传输的数据(例如登录凭据),以及执行应用中使用 JavaScript 的代码。

从 2016 年 11 月 25 日起,Google Play 将禁止发布任何包含此类漏洞的新应用或应用更新。您已发布的 APK 版本不会受到影响,但是,在修复此漏洞前,您将无法为应用发布任何更新。

后续步骤

为了纠正此问题,请将您的应用代码更新为在服务器提供的证书符合您的预期时调用 SslErrorHandler.proceed(),否则调用 SslErrorHandler.cancel()。

如果是您使用的第三方库导致的安全漏洞,请通知该第三方,并与其合作解决此问题。

更改完成后,请登录 Developer Console 并提交应用的更新版本。

过 5 个小时后再回来查看。如果应用未正确更新,系统将会显示相应的警告消息。请注意,即使您的应用已修复相应漏洞,处理过程也可能会有所延迟,这是很常见的情况。

2017-09-26 10:05 1 条评论 负责人:无 分享
已邀请:
DCloud_Android_ST

DCloud_Android_ST

"plus": {
"ssl": "accept|refuse|warning,访问https网络时对非受信证书的处理逻辑"
// ...
}
manifest.json 设置 ssl “warning” 再试试

该问题目前已经被锁定, 无法添加新回复