First of all, I have to say that I'm mostly a PHP developer. I have a relatively old app on Google Play that was built using API 15 at the end of 2012.
Discuss here other issues related to the unsafe implementation of the X509TrustManager interface from Google Play, but none of them apply to me. I do not make SSL requests, and I do not use an external library other than Google Play services.
A warning says that the problem is related to apache.http. In particular, he says:
<i> Your application uses an unsafe implementation of the X509TrustManager interface with the Apache HTTP client, which leads to a security vulnerability. See this article in the Google Help Center for details, including the deadline for fixing the vulnerability.
Since I do not use SSL connections, I am not sure how to do this. Is the fact that I am not using SSL for connections that Google has a problem with? The data that I exchange with the server really cannot be considered sensitive - lost and found lists of pets.
The website the application belongs to is voluntary, self-funded and shared, so adding SSL is something I would rather not introduce at this time. Is SSL implementation the only way for me?
source share