表題の通りですが、新規アプリをリリースした時にリジェクトをくらいました。
Google Play Support
Hello Google Play Developer,
We rejected ***, with package name ***.., for violating our Malicious Behavior or User Data policy. If you submitted an update, the previous version of your app is still available on Google Play.
This app uses software that contains security vulnerabilities for users or allows the collection of user data without proper disclosure.
Below is the list of issues and the corresponding APK versions that were detected in your recent submission. Please upgrade your app(s) as soon as possible and increment the version number of the upgraded APK.
VulnerabilityAPK Version(s)Past Due Date
SSL Error Handler
For more information on how to address WebView SSL Error Handler alerts, please see this Google Help Center article.
1November 30, 2016
To confirm you’ve upgraded correctly, submit the updated version of your app to the Play Console and check back after five hours to make sure the warning is gone.
While these vulnerabilities may not affect every app that uses this software, it’s best to stay up to date on all security patches. Make sure to update any libraries in your app that have known security issues, even if you’re not sure the issues are relevant to your app.
Apps must also comply with the Developer Distribution Agreement and Developer Program Policies.
If you feel we have made this determination in error, please reach out to our developer support team.
Best,
The Google Play Team
SSL 証明書の確認を適切に処理してね。といっています。
不正な証明書に遭遇した場合は、ダイアログを出してユーザーに処理を進めるか選択肢を提示してあげる必要があるとのこと。
で、その解決策が以下になります。
webView.setWebViewClient(new WebViewClient() {
@Override
public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
if (error.getPrimaryError() != SslError.SSL_UNTRUSTED) {
handler.cancel();
} else {
handler.proceed();
}
}
});この対応で無事審査通りました。
Webview使う際はこれセットでオーバーライドしておけば問題ないでしょう!
