Monday, 15 May 2017

Google Play SSL Error Handler Rejection

I'm getting this error rejection email from google. Is this something that can be fixed on the server side or is it only a client side error?

Hello Google Play Developer,

We rejected Apollo - Chapter Organizer, with package name com.startxlabs.apollo, for violating our Malicious Behavior or User Data policy. If you submitted an update, the previous version of your app is still available on Google Play.

This app uses software that contains security vulnerabilities for users or allows the collection of user data without proper disclosure.

Below is the list of issues and the corresponding APK versions that were detected in your recent submission. Please upgrade your app(s) as soon as possible and increment the version number of the upgraded APK.

SSL Error Handler
For more information on how to address WebView SSL Error Handler alerts, please see this Google Help Center article.

3, 4
Vulnerability   APK Version(s)
To confirm you’ve upgraded correctly, submit the updated version of your app to the Play Console and check back after five hours to make sure the warning is gone.

While these vulnerabilities may not affect every app that uses this software, it’s best to stay up to date on all security patches. Make sure to update any libraries in your app that have known security issues, even if you're not sure the issues are relevant to your app.

Apps must also comply with the Developer Distribution Agreement and Developer Program Policies.

If you feel we have made this determination in error, please reach out to our developer support team.

Best,

The Google Play Team

Currently, I'm adding the SSL certificate as shown below in my server.prod.js file. The SSL certificate looks like it works on the website and I have an iPhone app that has been live for over a year connecting to the same SSL API:

const certsPath = path.join(__dirname, 'certs', 'server');
const caCertsPath = path.join(__dirname, 'certs', 'ca');
const options = {
  key: fs.readFileSync(path.join(certsPath, 'namecheap-ssl-certificate-private-key.pem')),
  cert: fs.readFileSync(path.join(certsPath, 'namecheap-ssl-certificate.crt')),
  ca: fs.readFileSync(path.join(caCertsPath, 'root-and-intermediate.ca-bundle')),
  requestCert: false,
  rejectUnauthorized: true
};

Db.sequelize.sync().then(()=> {
  https.createServer(options, app).listen(ENV.NODE_PORT, ()=> {
    console.log(`App listening on port: ${ENV.NODE_PORT}`);
  })
});

Thanks for the help!



via Thomas
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)