What is the best practice regarding security warnings on the Google Play Store?

I received the following error from the Google Play Developer Console: "Please fix this vulnerability as soon as possible and increase the version number of the updated APK. To process SSL certificates correctly, change your code to call SslErrorHandler.proceed() when the certificate submitted by the server meets your expectations, and to call SslErrorHandler.cancel() otherwise."

I assume the problem is caused by my implementation of "onReceivedSslError()". I always use "handler.proceed()" without checking.

I would like to know what is best for fixing the SSL error. And if I do a domain check, will Google Play still show me such a warning?

Thanks in advance.

+4
1 answer

You should simply remove the implementation of onReceivedSslError and use the default behavior, which should be overridden.

The best practice is to handle it as if you cannot connect to the server. Most people have no reason to redefine certificate verification.

+1
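The always-proceed handler from the question next to a fail-closed replacement that treats a certificate error as a failed connection, as the answer recommends. This is an added example, not code from the original post; the class names, the `ConnectionFailureListener` interface and the log tag are assumptions made for illustration.

```java
import android.net.http.SslError;
import android.util.Log;
import android.webkit.SslErrorHandler;
import android.webkit.WebView;
import android.webkit.WebViewClient;

// Pattern described in the question: every certificate error is accepted,
// so an expired, self-signed or mismatched certificate loads like a valid one.
// This is what the Play Console warning flags.
class InsecureClient extends WebViewClient {
    @Override
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        handler.proceed(); // no validation of any kind
    }
}

// Fail-closed form. WebViewClient's default onReceivedSslError already cancels
// the load, so deleting the override has the same security effect; this
// override exists only to log the error and notify the app.
class StrictClient extends WebViewClient {
    // Hypothetical callback so the UI can show its normal "cannot connect" state.
    interface ConnectionFailureListener {
        void onConnectionFailed(String url);
    }

    private static final String TAG = "StrictClient"; // assumed log tag
    private final ConnectionFailureListener listener;

    StrictClient(ConnectionFailureListener listener) {
        this.listener = listener;
    }

    @Override
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        handler.cancel(); // never continue loading over a connection that failed validation
        // getPrimaryError() returns one of the SslError.SSL_* constants
        // (e.g. SSL_EXPIRED, SSL_IDMISMATCH, SSL_UNTRUSTED).
        Log.w(TAG, "TLS error " + error.getPrimaryError() + " for " + error.getUrl());
        listener.onConnectionFailed(error.getUrl());
    }
}
```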

Source: https://habr.com/ru/post/1609570/

