针对不安全 TrustManager 的 Google Play 安全警报 [英] Google Play security alert for insecure TrustManager

问题描述

在我的一个应用程序中，我使用带有自签名证书的 HTTPS 并遵循 android 开发人员培训站点 (https://developer.android.com/training/articles/security-ssl.html#UnknownCa).

In one of my apps I'm using HTTPS with a self-signed certificate and followed the sample code from the android developer training site (https://developer.android.com/training/articles/security-ssl.html#UnknownCa).

我最近收到以下警报，说当前的实现不安全:

I recently got the following alert saying that the current implementation is not secured:

安全警报

您的应用正在使用不安全的X509TrustManager 与 Apache HTTP 客户端的接口，导致安全漏洞.请参阅这篇 Google 帮助中心文章了解详细信息，包括修复漏洞的截止日期.

Your app is using an unsafe implementation of the X509TrustManager interface with an Apache HTTP client, resulting in a security vulnerability. Please see this Google Help Center article for details, including the deadline for fixing the vulnerability.

除了上面链接的示例代码之外，有人可以提供更多关于应该更新什么的详细信息吗?

Can someone provide more details on what should be updated beyond the sample code linked above?

我应该实现自定义 TrustManager 吗?如果是这样，它应该验证什么?

Should I implement a custom TrustManager? If so, what should it verify?

推荐答案

对我来说问题是 Mobilecore.我已从应用中删除了该库并上传了新版本的 apk，但 GPlay 开发者控制台中的警告已消失.

For me the problem was Mobilecore. I've removed the library from the app and upload a new version of the apk and the warning has disappeared from the GPlay Dev Console.

这篇关于针对不安全 TrustManager 的 Google Play 安全警报的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！