不安全的TrustManager的Google Play安全警报 [英] Google Play security alert for insecure TrustManager

问题描述

在我的一个应用程序中，我使用带有自签名证书的HTTPS，并遵循了android开发人员培训网站(

In one of my apps I'm using HTTPS with a self-signed certificate and followed the sample code from the android developer training site (https://developer.android.com/training/articles/security-ssl.html#UnknownCa).

我最近收到以下警报，说当前的实现不安全:

I recently got the following alert saying that the current implementation is not secured:

安全警报

您的应用使用的是不安全的 X509TrustManager与Apache HTTP客户端的接口，导致 安全漏洞.请参阅此Google帮助中心文章以了解 详细信息，包括修复漏洞的截止日期.

Your app is using an unsafe implementation of the X509TrustManager interface with an Apache HTTP client, resulting in a security vulnerability. Please see this Google Help Center article for details, including the deadline for fixing the vulnerability.

除了上面链接的示例代码之外，有人可以提供更多有关应更新内容的详细信息吗?

Can someone provide more details on what should be updated beyond the sample code linked above?

我应该实现自定义TrustManager吗?如果是这样，应该验证什么?

Should I implement a custom TrustManager? If so, what should it verify?

推荐答案

对我来说，问题是Mobilecore.我已从应用中删除了该库，并上传了新版本的APK，并且警告已从GPlay开发者控制台中消失.

For me the problem was Mobilecore. I've removed the library from the app and upload a new version of the apk and the warning has disappeared from the GPlay Dev Console.

这篇关于不安全的TrustManager的Google Play安全警报的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！